NPM Audit
npm audit is a security auditing tool built into the npm package manager. It scans a Node.js project's dependencies by analyzing package.json and package-lock.json against the GitHub Advisory Database to identify known security vulnerabilities, reports a severity level for each (critical, high, moderate, low, info), and provides remediation guidance with fix commands. The tool runs automatically during package installation and can also be run manually from the command line to generate a detailed vulnerability report with dependency paths, affected versions, and recommendations. The npm audit fix command attempts to automatically update vulnerable packages to secure versions within semver-compatible ranges, helping developers address security risks throughout the development lifecycle.
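The severity levels and the semver limit on npm audit fix can be turned into a build gate by reading the machine-readable report. The sketch below is an added example, not part of npm: it assumes the report shape emitted by `npm audit --json` in npm 7 and later, the package names are constructed, and `triage` is a hypothetical helper.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names are invented for illustration.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "critical", isDirect: false,
      fixAvailable: true, // a semver-compatible update exists
    },
    "example-server": {
      name: "example-server", severity: "high", isDirect: true,
      // fix lies outside the semver-compatible range, so plain `npm audit fix` skips it
      fixAvailable: { name: "example-server", version: "4.0.0", isSemVerMajor: true },
    },
    "example-logger": {
      name: "example-logger", severity: "moderate", isDirect: true,
      fixAvailable: false, // no patched release to move to
    },
    "example-colors": {
      name: "example-colors", severity: "low", isDirect: false,
      fixAvailable: true,
    },
  },
};

const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Hypothetical helper: group findings by how they can be remediated and
// decide whether the build should fail at the given severity threshold.
function triage(report, failAt = "high") {
  const floor = SEVERITY_ORDER.indexOf(failAt);
  if (floor === -1) throw new Error(`unknown severity: ${failAt}`);
  const result = { autoFixable: [], needsMajorUpgrade: [], noFix: [], blocking: [] };
  for (const v of Object.values(report.vulnerabilities ?? {})) {
    const fix = v.fixAvailable;
    if (fix === true || (fix && !fix.isSemVerMajor)) result.autoFixable.push(v.name);
    else if (fix && fix.isSemVerMajor) result.needsMajorUpgrade.push(v.name);
    else result.noFix.push(v.name);
    // Fail closed: a severity string this script does not recognise blocks the build.
    const rank = SEVERITY_ORDER.indexOf(v.severity);
    if (rank === -1 || rank >= floor) result.blocking.push(v.name);
  }
  result.fail = result.blocking.length > 0;
  return result;
}

console.log(triage(sampleReport, "high"));
```

In a pipeline the same function would be fed the parsed output of `npm audit --json` instead of `sampleReport`, with a non-zero exit when `fail` is true.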