What tools do you use to monitor for NPM and other dependency vulnerabilities?

2 points by tiagom87 ↗ HN
Following the npm hack, I think this is an attack vector that will get more popular in the short term. What tools beside npm audit and dependabot, do you use to monitor for dependency security vulnerabilities?

2 comments

[ 3.0 ms ] story [ 19.4 ms ] thread
My strategy has been to limit my exposure to the larger NPM/Node.js ecosystem. I'll use it only in limited cases where a front-end dependency is required.