Integrate npm audit with Vulnetix. The built-in npm command audits your package.json and lockfile against the npm advisory database and converts JSON output to SARIF for upload.
CLI toolJSONSARIF
Install & scan
$ # npm audit is built into npm — no separate install needed npm --version # verify npm is installed $ # Step 1 — produce JSON report npm audit --json > npm-audit.json # Step 2 — convert to SARIF for Vulnetix npx npm-audit-sarif -i npm-audit.json -o npm-audit.sarif
Run npm audit in CI
Scan on every push and upload the results to Vulnetix:
- name: Run npm audit
run: |
npm ci
npm audit --json > npm-audit.json || true
- name: Convert to SARIF
run: npx npm-audit-sarif -i npm-audit.json -o npm-audit.sarif
- name: Upload to Vulnetix
run: vulnetix upload --file npm-audit.sarif
Centralise npm audit results in Vulnetix
Upload npm audit JSON, SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.