npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Integrate with GitHub SecurityAdvisory

When developing a package, I run npm audit just before committing and pushing the code to make sure there are no vulnerabilities in my dependencies, everything is fine. But after pushing, I get a friendly email from Github saying that I do have security vulnerabilities in my dependencies!

Integrate with the GitHub SecurityAdvisory to improve the scanning for vulnerabilities so npm audit catches more vulnerabilities.