OWASP dependency-check includes an analyzer that will scan Node Package Manager package specification files that works in conjunction with the Node Audit Analyzer to create a bill-of-materials for a Node.js project.
Files Types Scanned: package.json, package-lock.json, npm-shrinkwrap.json
