When using a package manager like npm, you have the ability to run `npm audit` on your package.json file to check for any known vulnerabilities. You can then add this check to your CI pipeline to continually check for issues.
However, if you use Rails 7 importmaps, you're often referencing CDNs or packages that are downloaded to the vendor folder, so what strategies are people using to automatically check JavaScript packages for known vulnerabilities in this situation?
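One defensive approach to the problem raised in the question is to recover the npm package names and versions from the importmap pins and feed them to the same `npm audit` check used for a conventional package.json. The Ruby below is an added example, not code from the question or from the importmap-rails project: it parses `pin` lines whose `to:` URL carries a jspm-style `npm:<name>@<version>` segment (the constructed sample `IMPORTMAP_SAMPLE` stands in for a real `config/importmap.rb`) and emits a minimal package.json pinned to those exact versions. Local pins such as `application` or vendored files carry no version and are skipped, which is itself worth surfacing in CI.

```ruby
# Added example: turn Rails importmap CDN pins into a package.json
# that `npm audit` can scan. Assumes pins use the jspm-style
# "npm:<name>@<version>" URL segment; anything else is skipped.
require "json"

# Constructed sample standing in for config/importmap.rb (not a real file).
IMPORTMAP_SAMPLE = <<~RUBY
  pin "application", preload: true
  pin "@hotwired/turbo-rails", to: "turbo.min.js", preload: true
  pin "react", to: "https://ga.jspm.io/npm:react@18.2.0/index.js"
  pin "lodash", to: "https://ga.jspm.io/npm:lodash@4.17.20/lodash.js"
  pin "@rails/actioncable", to: "https://ga.jspm.io/npm:@rails/actioncable@7.0.4/app/assets/javascripts/actioncable.esm.js"
RUBY

# Captures an optionally scoped package name and the version that follows it.
NPM_SEGMENT = %r{npm:(@?[^@/\s"]+(?:/[^@/\s"]+)?)@([0-9][^/\s"]*)}

# Returns { "package-name" => "version" } for every pin that resolves to an
# npm package on a CDN; local or vendored pins without a version are ignored.
def extract_npm_pins(importmap_source)
  importmap_source.each_line.with_object({}) do |line, deps|
    next unless line.lstrip.start_with?("pin ")
    if (m = NPM_SEGMENT.match(line))
      deps[m[1]] = m[2]
    end
  end
end

# Builds a package.json with exact-version dependencies so the audit
# reports on precisely what the importmap serves, not a newer resolution.
def build_package_json(deps)
  JSON.pretty_generate(
    "name" => "importmap-audit",
    "private" => true,
    "dependencies" => deps
  )
end

if $PROGRAM_NAME == __FILE__
  source = ARGV[0] ? File.read(ARGV[0]) : IMPORTMAP_SAMPLE
  puts build_package_json(extract_npm_pins(source))
end
```

In a CI job, write the output to an empty working directory as package.json, then run `npm install --package-lock-only` followed by `npm audit --audit-level=high`; the lockfile step resolves transitive dependencies without downloading package contents, and the audit step fails the build on advisories at or above the chosen level. Vendored files that were downloaded rather than pinned to a versioned URL will not appear in the output, so a separate check that every pin carries a version is a sensible companion.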