Quick Tip: Snyk security scanner
I recently ran across a slick tool called Snyk at https://app.snyk.io. This tool will scan for security and license problems in your NodeJS dependencies. It also helps create pull requests to resolve any problems.
I started here following the GitLab integration instructions. Follow the instructions to create a GitLab Personal Access Token with API access. Then choose the projects you want to monitor.
I tried the VSCode extension Vuln Cost - Security Scanner, but it didn't install properly.
The command-line interface is pretty simple. One install option is with NPM like this.
npm install -g snyk
Usage requires you to authenticate first with snyk auth, which pops open a browser window for you to log in.
Now you can scan your project by running snyk test from the project directory.
Go here for more information on the command options. The most common commands are these.
snyk auth
snyk test
snyk wizard
snyk protect
snyk monitor
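One thing the CLI does not do for you is decide when a finding should block a merge. The script below is an added example, not from the original post or from Snyk: it takes the JSON that snyk test --json writes and turns it into a per-severity summary plus a pass/fail decision for a CI job. The field names it reads ("vulnerabilities", "id", "severity", "packageName", "version", "from", "isUpgradable", "isPatchable") follow the Snyk CLI report format as I understand it, so treat them as an assumption and check them against a real report; the sample report embedded in the script is constructed, with made-up IDs and package names.

```javascript
// Added example (not Snyk's code): summarize a `snyk test --json` report and
// decide whether a CI job should fail. Field names are assumed from the Snyk
// CLI JSON format; verify them against a real report before relying on this.

const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };

// Count findings per severity, ignoring any entry with an unknown label.
function summarize(report) {
  const counts = { low: 0, medium: 0, high: 0, critical: 0 };
  for (const vuln of report.vulnerabilities || []) {
    if (vuln.severity in counts) counts[vuln.severity] += 1;
  }
  return counts;
}

// Return findings at or above a threshold, de-duplicated by advisory id.
// As I understand the report format, the same advisory is listed once per
// dependency path ("from"), so counting raw entries would inflate the numbers.
function findingsAtOrAbove(report, threshold) {
  const floor = SEVERITY_RANK[threshold];
  if (floor === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  const seen = new Map();
  for (const vuln of report.vulnerabilities || []) {
    const rank = SEVERITY_RANK[vuln.severity];
    if (rank === undefined || rank < floor) continue;
    if (!seen.has(vuln.id)) seen.set(vuln.id, vuln);
  }
  return [...seen.values()];
}

// CI gate: fail when any finding meets the threshold, and report how many of
// the failing findings already have an upgrade or patch available, since those
// are the ones snyk wizard / snyk protect can actually resolve.
function gate(report, threshold) {
  const findings = findingsAtOrAbove(report, threshold);
  const fixable = findings.filter(v => v.isUpgradable || v.isPatchable);
  return {
    ok: findings.length === 0,
    counts: summarize(report),
    failing: findings.map(v => `${v.id} ${v.severity} ${v.packageName}@${v.version}`),
    fixable: fixable.length,
  };
}

// Constructed sample report: IDs, packages and versions are made up.
const SAMPLE_REPORT = {
  ok: false,
  packageManager: 'npm',
  vulnerabilities: [
    { id: 'SNYK-JS-EXAMPLE-0001', severity: 'high', packageName: 'example-lib', version: '1.2.3',
      from: ['my-app@1.0.0', 'example-lib@1.2.3'], isUpgradable: true, isPatchable: false },
    // The same advisory reached through a second dependency path.
    { id: 'SNYK-JS-EXAMPLE-0001', severity: 'high', packageName: 'example-lib', version: '1.2.3',
      from: ['my-app@1.0.0', 'other-dep@2.0.0', 'example-lib@1.2.3'], isUpgradable: false, isPatchable: false },
    { id: 'SNYK-JS-EXAMPLE-0002', severity: 'medium', packageName: 'leftover-util', version: '0.9.0',
      from: ['my-app@1.0.0', 'leftover-util@0.9.0'], isUpgradable: false, isPatchable: true },
    { id: 'SNYK-JS-EXAMPLE-0003', severity: 'low', packageName: 'tiny-parse', version: '3.1.0',
      from: ['my-app@1.0.0', 'tiny-parse@3.1.0'], isUpgradable: false, isPatchable: false },
  ],
};

// With the sample report and a "high" threshold the gate fails on one
// de-duplicated advisory, which is upgradable.
console.log(JSON.stringify(gate(SAMPLE_REPORT, 'high'), null, 2));
```

To use it on a real project, replace SAMPLE_REPORT with the parsed contents of a file produced by snyk test --json, call gate(report, 'high') (or whatever severity your team agrees on), and exit non-zero when ok is false. Keeping the de-duplication and the fixable count separate from the raw counts matters in practice: a report with forty entries may be three advisories, and the first question a reviewer asks is how many of them go away with an upgrade.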