
Detecting Vulnerabilities
While by no means a substitute for thorough penetration testing, the auditjs tool can help catch some security holes in our modules and applications.
Let's check it out:
npm i -g auditjs
Now, let's run a security sweep.
In our hsl-to-hex module folder, we simply execute the following:
auditjs
When we run auditjs, the entire node_modules tree is scanned against the OSS Index. The OSS Index contains recorded security vulnerabilities from various sources, including the National Vulnerability Database, the Node Security Project, and http://npmjs.com itself. Additionally, auditjs will check the current Node version in use for any security announcements.
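Scanning the entire tree matters because a vulnerable version can sit in a nested node_modules folder while the top-level copy of the same package is fine. The following is an added example, not auditjs's own code and not code from the book: it flattens a tree given in the shape of the packages map in package-lock.json (an assumption about the input) and matches it against a constructed advisory list. All dependency names, versions, advisory ids and function names are made up for illustration.

```javascript
// Constructed sample in the shape of package-lock.json's "packages" map; names and versions are made up.
const lockPackages = {
  '': { name: 'hsl-to-hex', version: '1.0.0' },
  'node_modules/example-color-lib': { version: '2.3.1' },
  'node_modules/example-parser': { version: '1.4.0' },
  'node_modules/example-color-lib/node_modules/example-parser': { version: '0.9.2' },
  'node_modules/@example/util': { version: '3.0.0' },
};

// Constructed advisory feed standing in for a vulnerability index such as the OSS Index.
const advisories = [
  { name: 'example-parser', fixedIn: '1.0.0', id: 'EXAMPLE-0001' },
  { name: '@example/util', fixedIn: '3.0.1', id: 'EXAMPLE-0002' },
];

// Compare two plain x.y.z versions; returns <0, 0 or >0. Pre-release tags are not handled.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Flatten the tree: every installed copy, including nested ones, becomes one entry.
function inventory(packages) {
  return Object.keys(packages)
    .filter((p) => p !== '') // skip the root project itself
    .map((p) => {
      const name = p.slice(p.lastIndexOf('node_modules/') + 'node_modules/'.length);
      const version = packages[p].version;
      return { name, version, path: p, coordinate: `pkg:npm/${name.replace(/^@/, '%40')}@${version}` };
    });
}

// Report every installed copy whose version is below the advisory's fixed version.
function audit(packages, feed) {
  const findings = [];
  for (const pkg of inventory(packages)) {
    for (const adv of feed) {
      if (adv.name === pkg.name && compareVersions(pkg.version, adv.fixedIn) < 0) {
        findings.push({ id: adv.id, coordinate: pkg.coordinate, path: pkg.path });
      }
    }
  }
  return findings;
}
console.log(audit(lockPackages, advisories));
```

The top-level example-parser at 1.4.0 passes, but the copy nested under example-color-lib at 0.9.2 is reported along with its path, which is the case a check of direct dependencies alone would miss.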