When you write Javascript code or when you want to know if a 3rd party code bases dependencies are secure check out
https://david-dm.org which is an online scanner for github repos package.json contents. This tool is able to generate badges and gives you details on dependencies
- that are out-of-date
- which contain specific vulnerabilities
Here is a screenshot of some vulnerable deps
![](/images/david-dm.org.screenshot.png)
and the badge as seen on the corresponding github page:
![](https://camo.githubusercontent.com/a898945c561fecf0093ea0bb4ba730e060079ba1/68747470733a2f2f64617669642d646d2e6f72672f616c6d656e64652f7669732f7374617475732e737667)
While I do not like the badge explosion on github.com it still is an amazingly useful tool to know the issue with this library just looking at the github project.