Dependency-Track

NPM public advisories contain a number of JavaScript vulnerabilities, specific to the Node.js platform and supported libraries, that may or may not be documented in the National Vulnerability Database. Projects that leverage Node.js will benefit from the Node.js datasource, as it provides visibility into vulnerabilities specific to the ecosystem.

Dependency-Track integrates with NPM using its public advisory API. In doing so, Dependency-Track is able to create a mirror of all NPM advisory data. The mirror is refreshed daily and whenever the Dependency-Track instance is restarted.

Credit is provided to NPM with visual and textual cues on where the data originated. Links back to the original NPM advisories are also provided.