Comparing npm Audit Versus AuditJS

Tags: AppSec, auditJS, npm, Rest API
A while back I wrote a blog post after a colleague shared a new JavaScript auditing tool called AuditJS. I wanted to update that post based on more time with the tool, particularly since a new version was recently released. AuditJS is a free tool that leverages Sonatype's OSS Index. OSSI exposes ...

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

If you've been immersed in the Node.js/JavaScript community for a while, or even if you are just getting started, you are likely using npm audit to scan the package dependencies in your projects. It's easy to stumble upon as part of the ubiquitous npm, and even without trying you'll periodically be prompted ...
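Both posts above compare two ways of checking the same dependency tree: npm audit works from the lockfile and reports per-package severities, while AuditJS sends each package's Package URL coordinates to the OSS Index REST API. The following Node.js script is an added example written for this page, not code from either post or from the AuditJS project. It builds OSS Index style coordinates from a constructed package-lock.json, splits them into request-sized batches, and turns a constructed npm audit --json report into a CI pass/fail decision. Assumptions are marked in the comments: that OSS Index accepts scoped npm packages with the leading "@" percent-encoded as "%40", and that it caps a component-report request at 128 coordinates.

```javascript
// Added example for this page (not from the original posts or from AuditJS).
// All inputs below are constructed samples so the script runs offline.

// Constructed package-lock.json in the lockfileVersion 2/3 layout, where
// "packages" maps install paths to metadata.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/lodash": { version: "4.17.15" },
    "node_modules/@babel/core": { version: "7.12.3" },
    "node_modules/@babel/core/node_modules/semver": { version: "5.7.1" },
    "node_modules/left-pad": { version: "1.3.0", dev: true },
  },
};

// Map an install path such as "node_modules/@babel/core/node_modules/semver"
// to the package name: everything after the last "node_modules/".
function packageNameFromPath(installPath) {
  const marker = "node_modules/";
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? null : installPath.slice(idx + marker.length);
}

// Build Package URL coordinates ("pkg:npm/<name>@<version>") for every
// installed package. Assumption: OSS Index wants the "@" of a scoped package
// percent-encoded as "%40" (the purl namespace encoding AuditJS-style clients use).
function lockfileToCoordinates(lock, { includeDev = true } = {}) {
  const coords = new Set();
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    if (installPath === "") continue; // the root project itself
    if (!includeDev && meta.dev) continue;
    const name = packageNameFromPath(installPath);
    if (!name || !meta.version) continue;
    coords.add(`pkg:npm/${name.replace(/^@/, "%40")}@${meta.version}`);
  }
  return [...coords].sort();
}

// Split coordinates into request bodies for the OSS Index component-report
// endpoint. Assumption: the service caps a request at 128 coordinates.
function batchCoordinates(coords, size = 128) {
  const batches = [];
  for (let i = 0; i < coords.length; i += size) {
    batches.push({ coordinates: coords.slice(i, i + size) });
  }
  return batches;
}

// Constructed `npm audit --json` output in the npm 7+ report shape.
const sampleAuditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    lodash: { name: "lodash", severity: "high", isDirect: true, fixAvailable: true },
    semver: { name: "semver", severity: "moderate", isDirect: false,
              fixAvailable: { name: "@babel/core", version: "7.23.0", isSemVerMajor: false } },
    "left-pad": { name: "left-pad", severity: "low", isDirect: true, fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 1, high: 1, critical: 0, total: 3 } },
};

// Summarise an npm audit report: counts per severity plus the packages at or
// above a threshold, which is what a CI gate usually keys on. The counts are
// recomputed from the "vulnerabilities" map rather than trusted from "metadata".
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
function summarizeAudit(report, failAt = "high") {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0 };
  const failing = [];
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    counts[vuln.severity] = (counts[vuln.severity] || 0) + 1;
    if (SEVERITY_RANK[vuln.severity] >= SEVERITY_RANK[failAt]) failing.push(vuln.name);
  }
  return { counts, failing: failing.sort(), shouldFail: failing.length > 0 };
}

// Stand-alone run: show the coordinates, the first request body, and the gate result.
const allCoords = lockfileToCoordinates(sampleLock);
console.log(allCoords);
console.log(JSON.stringify(batchCoordinates(allCoords)[0]));
console.log(summarizeAudit(sampleAuditReport, "moderate"));
```

The two halves illustrate the difference the posts describe: the OSS Index path needs only name and version pairs, so what you send is exactly what the lockfile says is installed (dev dependencies included unless you filter them), whereas the npm audit path gives you severities and fix availability but leaves you to decide the failure threshold yourself.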

Secure Guardrails