It should be possible to execute
npm audit --owasp and get an OWASP Dependency Check XML.
Because nsp has been acquired by npm, Inc. and npm audit is more or less a replacement for this project (https://www.npmjs.com/package/nsp), the OWASP nsp reporter (https://www.npmjs.com/package/@ninjaneers/nsp-reporter-owasp) is also dead.
Instead of relying on 2 “dead” projects for generating an OWASP report, npm should give a possibility to generate an OWASP report.
So we have a good foundation for displaying vulnerabilities in SonarQube.