Software Vulnerability

A software vulnerability exists when code is open to exploitation through known vulnerabilities. The references below contain links to sites and software that can help identify vulnerabilities.

package.json (NPM)

You can manually check for vulnerabilities with npm audit.

npm audit --json > logfoo.log

At the bottom, the log will have a summary:

  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 199,
      "moderate": 20,
      "high": 86,
      "critical": 2
    },

You should care about severity=critical.
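Added example, not part of the original page: one way to turn the summary into a pass/fail check, so a build stops when the log reports findings at or above a chosen severity (critical by default). The names gateOnAudit, SEVERITIES and SAMPLE_REPORT are hypothetical, and the sample report is constructed from the counts shown above.

```javascript
// Added example: gate a build on the summary counts in `npm audit --json` output.
// Severity names, lowest to highest, as they appear in the summary.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// reportText: contents of the audit log (e.g. logfoo.log) as a string.
// Returns { counts, blocking, fail } for findings at or above `threshold`.
function gateOnAudit(reportText, threshold = "critical") {
  const floor = SEVERITIES.indexOf(threshold);
  if (floor === -1) throw new Error(`unknown severity: ${threshold}`);

  let report;
  try {
    report = JSON.parse(reportText);
  } catch (err) {
    // An empty or truncated log must not be read as "no findings".
    throw new Error(`audit log is not valid JSON: ${err.message}`);
  }

  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== "object") {
    // e.g. the audit failed and the log holds something other than a report.
    throw new Error("audit log has no metadata.vulnerabilities summary");
  }

  let blocking = 0;
  for (const level of SEVERITIES.slice(floor)) {
    const n = counts[level];
    if (!Number.isInteger(n) || n < 0) {
      throw new Error(`missing or invalid count for ${level}`);
    }
    blocking += n;
  }
  return { counts, blocking, fail: blocking > 0 };
}

// Constructed sample input reusing the summary counts shown above.
const SAMPLE_REPORT = JSON.stringify({
  metadata: {
    vulnerabilities: { info: 0, low: 199, moderate: 20, high: 86, critical: 2 },
  },
});

const sampleResult = gateOnAudit(SAMPLE_REPORT);
console.log(`critical findings: ${sampleResult.blocking}, fail build: ${sampleResult.fail}`);
```

A log that is empty or lacks the summary raises an error instead of passing, so a failed audit run is not mistaken for a clean one.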

References