⚪️ 5.6 Constantly inspect for vulnerable dependencies

:white_check_mark: Do: Even the most reputable dependencies, such as Express, have known vulnerabilities. This is easily tamed with community tools such as npm audit, or commercial tools like snyk (which also offers a free community version). Both can be invoked from your CI on every build.

Otherwise: Keeping your code clean from vulnerabilities without dedicated tools will require you to constantly follow online publications about new threats, which is quite tedious.


Code Examples

:clap: Example: NPM Audit result

[Image: npm audit result]
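One way to act on the audit result in CI, as an added example that is not part of the original guide: a gate over the parsed `npm audit --json` report that lists findings at or above a severity threshold and fails closed on a report it cannot read. The function names, package names and advisory titles are hypothetical; the report layout assumed is `auditReportVersion` 2, as emitted by npm 7 and later.

```javascript
// Severity levels reported by npm audit, lowest to highest.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Findings at or above `threshold` from a parsed `npm audit --json`
// report (auditReportVersion 2, the schema emitted by npm 7 and later).
function findingsAtOrAbove(report, threshold = 'high') {
  const min = LEVELS.indexOf(threshold);
  if (min === -1) throw new Error(`unknown severity: ${threshold}`);
  if (!report || report.auditReportVersion !== 2 || !report.vulnerabilities) {
    // Fail closed: a report we cannot read must not pass the build.
    throw new Error('unsupported npm audit report format');
  }
  return Object.values(report.vulnerabilities)
    .filter((v) => LEVELS.indexOf(v.severity) >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: v.isDirect === true,
      // `via` mixes advisory objects with names of other vulnerable packages.
      advisories: (v.via || []).filter((x) => typeof x === 'object').map((x) => x.title),
      vulnerableVia: (v.via || []).filter((x) => typeof x === 'string'),
      // `fixAvailable` is a boolean, or an object describing the upgrade.
      fixAvailable: Boolean(v.fixAvailable),
    }))
    .sort((a, b) => LEVELS.indexOf(b.severity) - LEVELS.indexOf(a.severity));
}

// Exit code a CI step would return: non-zero blocks the build.
function exitCodeFor(report, threshold) {
  return findingsAtOrAbove(report, threshold).length > 0 ? 1 : 0;
}

// Constructed sample report; package names and advisory titles are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-util': { name: 'example-util', severity: 'low', isDirect: true,
      via: [{ title: 'Constructed advisory B', severity: 'low' }], fixAvailable: false },
    'example-web': { name: 'example-web', severity: 'high', isDirect: true,
      via: ['example-parser'],
      fixAvailable: { name: 'example-web', version: '2.0.0', isSemVerMajor: true } },
    'example-parser': { name: 'example-parser', severity: 'critical', isDirect: false,
      via: [{ title: 'Constructed advisory A', severity: 'critical' }], fixAvailable: true },
  },
};

for (const f of findingsAtOrAbove(SAMPLE_REPORT, 'high')) {
  console.log(`${f.severity}\t${f.name}\tdirect=${f.direct}\tfix=${f.fixAvailable}`);
}
```

In a pipeline, the report passed in would be the parsed output of `npm audit --json`; when the per-package detail is not needed, `npm audit --audit-level=high` is the simpler built-in gate.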