nsp

nsp is a command line tool to identify known vulnerabilities in Node.js applications. By running the check command on the root of a Node.js project, nsp generates the vulnerabilities report by checking against the published advisories. nsp provides a way to customize the check command to hide all vulnerabilities below the given CVSS score or exit with an error code if at least one finding has a CVSS score above the given value. Once the advisories are saved through the gather command, nsp can also be used in offline mode.