Published : May 15, 2018
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
May 2018
Assess
Worth exploring with the goal of understanding how it will affect your enterprise.
nsp is a command line tool to identify known vulnerabilities in Node.js applications. By running the check command on the root of a Node.js project, nsp generates the vulnerabilities report by checking against the published advisories. nsp provides a way to customize the check command to hide all vulnerabilities below the given CVSS score or exit with an error code if at least one finding has a CVSS score above the given value. Once the advisories are saved through the gather command, nsp can also be used in offline mode.
