When you write Javascript code or when you want to know if a 3rd party code bases dependencies are secure check out https://david-dm.org which is an online scanner for github repos package.json contents. This tool is able to generate badges and gives you details on dependencies
  • that are out-of-date
  • which contain specific vulnerabilities
Here is a screenshot of some vulnerable deps and the badge as seen on the corresponding github page: While I do not like the badge explosion on github.com it still is an amazingly useful tool to know the issue with this library just looking at the github project.