
GitHub Advisory Database now powers npm audit

Blog post from GitHub

Post Details
Company: GitHub
Author: Edward Thomson
Word Count: 427
Language: English
Summary

npm audit, the npm CLI's dependency vulnerability scanner, now draws its data from the GitHub Advisory Database, a curated set of over 5,000 security advisories. Running npm audit in a Node.js project scans the project's dependencies for known vulnerabilities and, for each finding, reports a URL with further details and the versions in which the issue is fixed. By merging npm's advisory database into GitHub's, the same advisories now back both npm audit and Dependabot, so developers no longer need to consult two databases that may disagree. A new proxy lets the npm CLI query the GitHub Advisory Database directly, and advisory pages on npmjs.com now redirect to the GitHub Advisory Database, which offers richer search and sorting. The result is one consistent, curated source of vulnerability data for developers working on both npm and GitHub.
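The post describes what npm audit reports for each finding (an advisory URL and the versions that fix it). The following is an added example, not code from the GitHub post or from npm itself: it triages the JSON that `npm audit --json` emits, collecting the advisory URL and fix information for every finding and deciding whether a CI job should fail. It handles both the npm 7+ report layout (auditReportVersion 2) and the older npm 6 layout. The two sample reports embedded below are constructed for the example; the package names, versions and the GHSA identifier in the URLs are placeholders, not real advisories.

```javascript
// Added example (not from the GitHub post or npm): triage an `npm audit --json`
// report offline. Sample reports below are constructed; GHSA ids are placeholders.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Normalise one npm 7+ (auditReportVersion 2) vulnerability entry. `via` mixes
// advisory objects (the direct cause) and strings (names of packages through
// which a transitive vulnerability is inherited).
function fromV2(name, entry) {
  const advisories = entry.via.filter((v) => typeof v === "object");
  const inheritedFrom = entry.via.filter((v) => typeof v === "string");
  let fix = "none";
  if (entry.fixAvailable === true) {
    fix = "available";
  } else if (entry.fixAvailable && typeof entry.fixAvailable === "object") {
    // An object here means the fix crosses a semver-major boundary and needs
    // `npm audit fix --force`; surface that so nobody applies it blindly.
    const f = entry.fixAvailable;
    fix = `${f.name}@${f.version}${f.isSemVerMajor ? " (semver-major)" : ""}`;
  }
  return {
    name,
    severity: entry.severity,
    direct: Boolean(entry.isDirect),
    vulnerableRange: entry.range,
    advisories: advisories.map((a) => ({ title: a.title, url: a.url, range: a.range })),
    inheritedFrom,
    fix,
  };
}

// Normalise one npm 6 advisory (report.advisories is keyed by numeric id).
// A dependency path without ">" means the vulnerable package is a direct dep.
function fromV1(adv) {
  return {
    name: adv.module_name,
    severity: adv.severity,
    direct: adv.findings.some((f) => f.paths.some((p) => !p.includes(">"))),
    vulnerableRange: adv.vulnerable_versions,
    advisories: [{ title: adv.title, url: adv.url, range: adv.vulnerable_versions }],
    inheritedFrom: [],
    // npm 6 uses "<0.0.0" as the patched range when no fixed version exists.
    fix: adv.patched_versions === "<0.0.0" ? "none" : `patched: ${adv.patched_versions}`,
  };
}

function normalizeAudit(report) {
  if (report.auditReportVersion === 2) {
    return Object.entries(report.vulnerabilities || {}).map(([n, e]) => fromV2(n, e));
  }
  return Object.values(report.advisories || {}).map(fromV1);
}

// Findings at or above `threshold` are blocking; CI should fail if any exist.
function triage(report, threshold = "high") {
  const findings = normalizeAudit(report);
  const min = SEVERITY_RANK[threshold];
  const blocking = findings.filter((f) => SEVERITY_RANK[f.severity] >= min);
  return { findings, blocking, shouldFail: blocking.length > 0 };
}

// Constructed npm 7+ report: a direct high finding with a simple fix, a
// transitive one whose only fix is a semver-major bump, and a low finding.
const ADVISORY_URL = "https://github.com/advisories/GHSA-xxxx-xxxx-xxxx"; // placeholder
const SAMPLE_V2 = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: true, range: "<1.2.3",
      via: [{ source: 1, name: "example-parser", dependency: "example-parser",
              title: "Prototype pollution in example-parser", url: ADVISORY_URL,
              severity: "high", range: "<1.2.3" }],
      effects: ["example-cli"], nodes: ["node_modules/example-parser"], fixAvailable: true,
    },
    "example-cli": {
      name: "example-cli", severity: "high", isDirect: false, range: "<=2.4.0",
      via: ["example-parser"], effects: [], nodes: ["node_modules/example-cli"],
      fixAvailable: { name: "example-cli", version: "3.0.0", isSemVerMajor: true },
    },
    "example-logger": {
      name: "example-logger", severity: "low", isDirect: true, range: "<0.9.1",
      via: [{ source: 2, name: "example-logger", dependency: "example-logger",
              title: "Log injection in example-logger", url: ADVISORY_URL,
              severity: "low", range: "<0.9.1" }],
      effects: [], nodes: ["node_modules/example-logger"], fixAvailable: true,
    },
  },
};

// Constructed npm 6 report: one moderate transitive finding with a patched range.
const SAMPLE_V1 = {
  advisories: {
    "1": { id: 1, module_name: "example-parser", severity: "moderate",
           title: "Prototype pollution in example-parser", url: ADVISORY_URL,
           vulnerable_versions: "<1.2.3", patched_versions: ">=1.2.3",
           findings: [{ version: "1.2.0", paths: ["example-cli>example-parser"] }] },
  },
};

for (const f of triage(SAMPLE_V2).blocking) {
  console.log(`${f.severity.toUpperCase()} ${f.name} ${f.vulnerableRange} fix: ${f.fix}`);
  for (const a of f.advisories) console.log(`  ${a.title}: ${a.url}`);
}
```

In a pipeline, `triage(JSON.parse(stdout)).shouldFail` is the gate; the `fix` field distinguishes a safe `npm audit fix` from a semver-major bump that needs a human, and transitive findings carry `inheritedFrom` so the root package to upgrade is visible.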