1 article with this tag
osv-scanner is a free tool that scans lockfiles and containers to surface CVEs in your dependencies. This article walks through installing it, running it, and integrating it into CI, plus when to use it versus npm/pnpm audit or Dependabot. This site's view: the right tool depends on your setup. Reach for osv-scanner on multi-ecosystem or GitHub-free projects, and the bundled pnpm audit for a single npm tree.