by atishay811 4667 days ago
Can't this be made simpler? Something like a CLI call, `npm vulnerable`. This could take the package.json and list which of my packages need to be upgraded or downgraded to be secure as per the known issues database.
2 comments

It could also be run automatically when cd-ing into a directory by overriding the default cd:

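    # Wrap the shell's cd so the check runs when entering a project directory.
    cd() {
      # Quote the arguments so paths with spaces work; stop if the cd itself fails.
      builtin cd "$@" || return
      if [ -f "package.json" ] ; then
        # The vulnerability-check subcommand proposed in this thread
        npm check-vulnerabilities
      fi
    }

I reckon you could also use this with david[0] to check if packages are up to date.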

[0] https://github.com/alanshaw/david

I did not mean outdated. `npm outdated` can do that. See https://npmjs.org/doc/cli/npm-outdated.html. I was looking for an insecure version of the same through a public repo.
That's brilliant, but the search operates on titles, the /package/:name route appears to be broken and there's no RSS. I give up.
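
An added example (not part of the thread, and not npm's code) of the check proposed at the top of the thread: compare the versions declared in package.json against a known-issues list and report what needs upgrading. The advisory entries, package names and function names are constructed for illustration, and the version parsing is an assumption that handles only plain, `^` and `~` versions.

```javascript
// Added example: flag dependencies whose declared version is below an advisory's patched version.
// ADVISORIES and every package name in it are constructed sample data, not a real feed.
const ADVISORIES = [
  { name: "example-parser", patched: "2.3.1", title: "constructed: prototype pollution" },
  { name: "example-http", patched: "0.10.0", title: "constructed: header injection" },
];

// Parse "^1.2.3", "~1.2" or "1.2.3" into [major, minor, patch]; null for anything else.
function baseVersion(range) {
  const m = /^\s*(?:[\^~]|>=|=|v)?\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*$/.exec(range);
  return m ? [m[1], m[2] || 0, m[3] || 0].map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns one finding per dependency that is vulnerable or cannot be evaluated.
function checkManifest(manifest, advisories = ADVISORIES) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const adv of advisories) {
    if (!Object.prototype.hasOwnProperty.call(deps, adv.name)) continue;
    const declared = baseVersion(String(deps[adv.name]));
    if (declared === null) {
      // Git URLs, tags, "*" and compound ranges need a real semver resolver:
      // report them instead of silently treating them as safe.
      findings.push({ name: adv.name, status: "unknown", declared: deps[adv.name] });
    } else if (compare(declared, baseVersion(adv.patched)) < 0) {
      // The lowest version the range allows is still affected.
      findings.push({ name: adv.name, status: "vulnerable", declared: deps[adv.name],
                      upgradeTo: adv.patched, title: adv.title });
    }
  }
  return findings;
}

// Constructed package.json contents
const sampleManifest = {
  dependencies: { "example-parser": "^2.1.0", "example-http": "0.10.2", "left-alone": "1.0.0" },
  devDependencies: { "example-parser-dev": "*" },
};
console.log(checkManifest(sampleManifest));
```

This checks declared ranges only; the versions actually installed, including transitive dependencies, would have to be read from the installed tree or a lockfile.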