I recently ran across a slick tool called Snyk at https://app.snyk.io. It scans your Node.js dependencies for known security vulnerabilities and license problems, and it can also open pull requests to resolve what it finds.
I started here following the GitLab integration instructions. Follow the instructions to create a GitLab Personal Access Token with API access. Then choose the projects you want to monitor.
I tried the VSCode extension Vuln Cost - Security Scanner, but it didn’t install properly.
The command-line interface is pretty simple. One install option is a global install with npm, like this.
npm install -g snyk
You have to authenticate before using it. This command pops open a browser window to complete the login.
snyk auth
Now you can scan your project.
snyk test
Go here for more information on the command options. The most common commands are these:
snyk auth
snyk test
snyk wizard
snyk protect
snyk monitor
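As an added example (not from the original post or from Snyk), here is a small wrapper that runs snyk test with its --json flag and decides whether the build should fail at a chosen severity. The field names (vulnerabilities, severity, id, packageName) are my assumption about the shape of the CLI's JSON output, and the sample report is constructed so the logic can be exercised without snyk installed.

```python
import json
import subprocess
from collections import Counter

# Ordering used to compare a finding's severity against the threshold.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def run_snyk_test(path="."):
    """Run `snyk test --json` in `path` and parse its stdout.

    snyk exits non-zero when it finds issues, so check=True is deliberately
    not used; the JSON on stdout is what we want either way.
    """
    proc = subprocess.run(["snyk", "test", "--json"], cwd=path,
                          capture_output=True, text=True)
    return json.loads(proc.stdout)


def summarize(report):
    """Count findings per severity and list the unique vulnerability ids."""
    vulns = report.get("vulnerabilities", [])
    counts = Counter(v["severity"] for v in vulns)
    ids = sorted({v["id"] for v in vulns})
    return {"counts": dict(counts), "ids": ids}


def exceeds_threshold(report, threshold="high"):
    """True if any finding is at or above `threshold` (a CI gate)."""
    floor = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(v["severity"], -1) >= floor
               for v in report.get("vulnerabilities", []))


# Constructed sample report; ids and package names are placeholders.
SAMPLE_REPORT = {"vulnerabilities": [
    {"id": "SNYK-JS-EXAMPLE-0001", "severity": "high",
     "packageName": "example-dep", "title": "Prototype Pollution"},
    {"id": "SNYK-JS-EXAMPLE-0002", "severity": "medium",
     "packageName": "example-dep", "title": "Regular Expression DoS"},
    {"id": "SNYK-JS-EXAMPLE-0002", "severity": "medium",
     "packageName": "other-dep", "title": "Regular Expression DoS"},
]}

if __name__ == "__main__":
    report = SAMPLE_REPORT  # swap for run_snyk_test(".") in a real job
    print(summarize(report))
    raise SystemExit(1 if exceeds_threshold(report, "high") else 0)
```

The same id appearing twice (one vulnerable package reached via two dependency paths) is counted twice in the severity counts but only once in the id list, which is usually what you want for a triage ticket.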