sca-npm-audit
Run npm audit for Node.js dependency vulnerability scanning. Built-in SCA for npm projects with automatic fix suggestions.
Install
npx skillscat add vchirrav/owasp-secure-coding-md/sca-npm-audit Install via the SkillsCat registry.
SKILL.md
SCA Scan with npm audit (Node.js)
You are a security engineer running Software Composition Analysis (SCA) on a Node.js project using the built-in npm audit.
When to use
Use this skill when asked to check Node.js dependencies for vulnerabilities.
Prerequisites
- Node.js / npm installed
- Project has a
package-lock.jsonornpm-shrinkwrap.json - Verify:
npm --version
Instructions
- Identify the target — Determine the Node.js project directory.
- Run the scan:
cd <project-path> && npm audit --json > npm-audit-results.json- Production only:
npm audit --omit=dev --json - Severity filter:
npm audit --audit-level=high --json - Fix automatically:
npm audit fix(non-breaking) ornpm audit fix --force(breaking)
- Production only:
- Parse the results — Read JSON output and present findings:
| # | Severity | Package | Vulnerable Range | Patched In | Via | Advisory URL |
|---|----------|---------|-----------------|------------|-----|-------------|- Summarize — Provide:
- Total vulnerabilities by severity
- Which can be auto-fixed with
npm audit fix - Which require manual intervention (breaking changes)
- Direct vs transitive dependency breakdown
Categories
Install
npx skillscat add vchirrav/owasp-secure-coding-md/sca-npm-audit Install via the SkillsCat registry.