The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

And most importantly, it is financially supported by its readers, offering the journalists who work here an outstanding amount of journalistic independence. The independence and originality of our ...