Check a repo for npm security best practices

Usage no npm install needed!

<script type="module">
  import vax from '';


vax Build Status

Check your Node project for npm security best practices. Currently, it simply:

  1. Checks if you have an .npmrc file with save-exact=true in it.
  2. Checks if an npm-shrinkwrap.json file is present.
  3. Checks your package.json for any loose range specifiers (~, ^, <, >).

It will do its best to fix these problems for you.


npm install -g vax

And then run vax with the location of your node module.

vax ~/Projects/my-node-project

> error: No .npmrc file found. Please create one and add `save-exact=true` to it.
> error: Please shrinkwrap your dependencies by running `npm shrinkwrap`.
> info: Your `package.json` file looks good.

To automatically fix any problems, use the --fix option.

vax ~/Projects/my-node-project --fix

> info: No .npmrc file found. I created one for you.
> info: Your `package.json` file looks good.
> info: I reinstalled and shrinkwrapped your dependencies for you.

Open source licensing info

  1. TERMS
  3. CFPB Source Code Policy