Vulnerability Database

NPM Packages Exposure

NPM is a package manager for JavaScript. It was created in 2009 and is used primarily to manage dependencies of Node.js-related projects.

NPM artefacts such as package.json and package.lock can reveal internal software dependencies, their versions, directory names and other sensitive information that can be used by attackers.


Ensure that all build artefacts such as package.json and package.lock are removed prior to publishing your solution.

