You received this message because you are subscribed to the Google Groups "Dependency Check" group.
It looks like https://nodesecurity.io/ is dealing with the problem of vulnerable dependencies in the node.js/npm space, and doing it quite nicely. They provide both the database and the tooling. Browsing a few of their advisories, I see that they give a “CVE status” as well.
I would still like to see Dependency Check tackle scripts that land on the client side, though. For example: jQuery, Angular, and literally thousands of smaller libraries. For reasons Jeremy already stated, this will be challenging.
Best regards,
Dale Visser