Snyk for Node.js supports testing and fixing Node.js projects that have their dependencies managed by npm or Yarn.
It is available for GitHub repositories, and via the Snyk CLI.
Testing Node.js projects
We scan Node.js projects by examining your package.json (and installed packages, when using the CLI) to compare the specific versions of every direct and deep dependency in your project against our npm vulnerability database.
We ignore development dependencies by default, but they can be included from the CLI.
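The matching step described above, as an added illustration (not Snyk's own code): it walks a constructed installed tree from the entries in package.json, skips devDependencies unless asked to include them, and reports the path to each vulnerable direct or deep dependency. The package names, advisory IDs and the simplified "vulnerable below fixedIn" rule are assumptions made for the example.

```javascript
// Constructed sample data: a manifest, an installed tree, and an advisory list.
const manifest = {
  dependencies: { "web-framework": "^2.0.0" },
  devDependencies: { "test-runner": "^1.0.0" },
};
const installed = {
  "web-framework": { version: "2.1.0", dependencies: {
    "template-lib": { version: "1.4.2", dependencies: {
      "string-utils": { version: "0.9.1", dependencies: {} } } } } },
  "test-runner": { version: "1.0.3", dependencies: {
    "string-utils": { version: "0.8.0", dependencies: {} } } },
};
// Simplified advisories: every version below fixedIn counts as vulnerable.
const advisories = [
  { id: "EXAMPLE-0001", package: "string-utils", fixedIn: "1.0.0" },
  { id: "EXAMPLE-0002", package: "web-framework", fixedIn: "2.0.5" },
];

// Compare two plain x.y.z versions; negative when a is older than b.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Walk direct and deep dependencies; devDependencies only when dev is true.
function scan(manifest, installed, advisories, { dev = false } = {}) {
  const roots = Object.keys(manifest.dependencies || {});
  if (dev) roots.push(...Object.keys(manifest.devDependencies || {}));
  const findings = [];
  const walk = (name, node, path) => {
    const here = [...path, `${name}@${node.version}`];
    for (const adv of advisories) {
      if (adv.package === name && compareVersions(node.version, adv.fixedIn) < 0)
        findings.push({ id: adv.id, path: here.join(" > "), fixedIn: adv.fixedIn });
    }
    for (const [child, sub] of Object.entries(node.dependencies || {}))
      walk(child, sub, here);
  };
  for (const name of roots) if (installed[name]) walk(name, installed[name], []);
  return findings;
}

console.log(scan(manifest, installed, advisories));
console.log(scan(manifest, installed, advisories, { dev: true }));
```

The default run reports only the deep dependency reached through web-framework; the second run also reports the copy pulled in by the development dependency.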
Fixing Node.js projects
We fix by updating your package.json to upgrade vulnerable packages to safe versions, where possible. We also have patches for many vulnerabilities, applied when safe upgrades are not available.