Fork me on GitHub

Node Audit Analyzer

OWASP dependency-check includes a Node Audit Analyzer that scans package-lock.json files. The analyzer submits the lock files to the NPM Audit API for analysis, returning a list of advisories which get incorporated into the dependency check reports.

This analyzer is enabled by default and requires that the machine performing the analysis can reach out to the Internet.

Files Types Scanned: package-lock.json