AuditJS
AuditJS is an open-source dependency security scanner for Node.js projects, developed by Sonatype. It reads a project's package.json and package-lock.json and checks every direct and transitive dependency against a vulnerability database, either the public Sonatype OSS Index or a Nexus IQ Server, and reports the packages with known vulnerabilities.

The tool is built to run inside the development workflow rather than as a one-off audit. It can be wired into npm scripts and CI/CD pipelines such as Travis CI and GitHub Actions, so that a build fails as soon as a vulnerable dependency is introduced. Findings that have been reviewed and accepted can be whitelisted so they stop failing the build; a whitelist entry only suppresses the report, it does not remove the vulnerability, so each entry should record why the finding was accepted and be revisited when the dependency is upgraded. Results from the vulnerability database are cached locally, which speeds up repeated scans and scans across multiple projects, and reports can be emitted as XML or JSON for consumption by other tooling. Together these features let JavaScript developers detect and remediate vulnerable dependencies throughout the software development lifecycle.
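The CI integration described above, as an added example that is not part of the AuditJS project or this page: a small POSIX shell gate that runs the OSS Index scan, keeps the JSON report as a build artifact, and passes a whitelist file through when one is present. It assumes the v4 command form `auditjs ossi` with its `--json` and `--whitelist` options and a non-zero exit status when unwhitelisted vulnerabilities remain; verify these against `auditjs ossi --help` for the installed version. The `AUDITJS` variable, the function names and the file names are choices made for this example, not project conventions.

```shell
#!/bin/sh
# Added example (not AuditJS project code): gate a CI step on the AuditJS
# OSS Index scan and keep the machine-readable report.
#
# Assumptions, not taken from the page: the `auditjs ossi` subcommand, its
# `--json` and `--whitelist` options, and a non-zero exit status when
# vulnerabilities remain after whitelisting.
#
# AUDITJS is overridable so the gate can be exercised without network access
# (for example with a stub command in a test); in CI it defaults to npx.
AUDITJS="${AUDITJS:-npx auditjs}"

# run_audit WHITELIST REPORT
# Scans package.json/package-lock.json in the current directory, writes the
# JSON report to REPORT and returns AuditJS's own exit status. The whitelist
# is only passed when the file exists, so a project without accepted
# findings needs no extra configuration.
run_audit() {
  whitelist="$1"
  report="$2"
  if [ -f "$whitelist" ]; then
    $AUDITJS ossi --json --whitelist "$whitelist" > "$report"
  else
    $AUDITJS ossi --json > "$report"
  fi
}

# ci_gate WHITELIST REPORT
# Prints a one-line verdict and returns 0 (pass) or 1 (fail) so the CI
# runner marks the step accordingly. The report file is written in both
# cases; upload it as an artifact so reviewers can see what was found.
ci_gate() {
  if run_audit "$1" "$2"; then
    echo "auditjs: no unwhitelisted vulnerabilities (report: $2)"
    return 0
  fi
  echo "auditjs: vulnerabilities found, see $2" >&2
  return 1
}

# Typical CI invocation (file names are this example's choice):
#   ci_gate auditjs-whitelist.json auditjs-report.json
```

In a pipeline, call `ci_gate` from the job script (or from an npm script such as `"audit:deps": "sh ci/auditjs-gate.sh"`, a name chosen here for illustration) and archive the report file. The whitelist file's schema is defined by the AuditJS project; keep a reason next to every entry and treat the file as reviewed code.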