Investigate Snyk.io

[NightLore]

See how reliable and accessible this vulnerability database is https://snyk.io/ https://github.com/snyk/snyk

[bcdasilv]

Pretty interesting tool/service. They provide remediation for vulnerabilities, besides detecting them. Also, they claim to have a leading vulnerability database.

There's a free plan https://snyk.io/plans/

The API is available for paid users only https://snyk.docs.apiary.io/#reference/test/npm which includes an experimental dependency graph https://snyk.docs.apiary.io/#reference/monitor/depgraph

[NightLore]

Example of snyk.io security advisory document: https://snyk.io/vuln/npm:qs:20170213

• Note that snyk.io is linked in npm audit's advisory: https://www.npmjs.com/advisories/1469