I like the idea of having a centralized repository of these advisories, but I need a better way of watching for changes for this to be effective. I was hoping that the Twitter feed would be that (I would just turn on SMS notification), but the Twitter feed is full of general low-value tweets like "Thanks @espreto for being our 1000th follower!". Perhaps a separate Twitter feed could be created (@nodesecurityadvisories?) that only tweets when new advisories are posted on the site?
Can't this be made simpler? Something like a cli call
npm vulnerable
This could take the package.json and list which of my packages need to be upgraded or downgraded to be secure as per the known issues database.
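A minimal sketch of the `npm vulnerable` idea from the comment above, added here as an example and not code from the original thread or from the Node Security Project. It takes a package.json object, works out the lowest version each dependency spec allows, and matches that against a small advisory list. The package.json, the advisories, the module names and the advisory schema (`module` / `vulnerable_versions` / `patched_versions`) are all constructed for this example; the semver handling covers only `x.y.z` versions and the `<`, `<=`, `>`, `>=`, `=`, space-AND and `||` range forms.

```javascript
// Added example: a minimal "npm vulnerable" check. Everything below is
// constructed for illustration; the advisory schema and module names are not
// the Node Security Project's.

// Constructed package.json. A real tool should read the versions actually
// installed under node_modules (or the shrinkwrap) rather than the floor of a
// "^"/"~" range, because the floor is not necessarily what is installed.
const SAMPLE_PACKAGE_JSON = {
  name: "example-app",
  dependencies: {
    "left-lib": "^1.2.3",
    "markup-parse": "0.4.9",
    "fast-route": "~2.0.1",
  },
};

// Constructed advisory database (assumed schema). Ranges use a subset of
// semver syntax: space-separated comparators are AND-ed, "||" separates
// alternatives.
const SAMPLE_ADVISORIES = [
  { id: 1, module: "left-lib",
    vulnerable_versions: "<1.3.0", patched_versions: ">=1.3.0" },
  { id: 2, module: "markup-parse",
    vulnerable_versions: ">=0.4.0 <0.5.0", patched_versions: ">=0.5.0" },
  { id: 3, module: "fast-route",
    vulnerable_versions: "<1.9.0 || >=2.1.0 <2.1.4",
    patched_versions: ">=1.9.0 <2.1.0 || >=2.1.4" },
];

// "1.2.3" or "v1.2.3" -> [1, 2, 3]; pre-release tags are not supported here.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Returns -1, 0 or 1 like a comparator callback.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Does `version` satisfy a single comparator such as ">=1.2.0" or "1.2.0"?
function satisfiesComparator(version, comparator) {
  const m = /^(<=|>=|<|>|=)?\s*(.+)$/.exec(comparator.trim());
  if (!m) throw new Error(`unsupported comparator: ${comparator}`);
  const op = m[1] || "=";
  const c = compareVersions(version, m[2]);
  switch (op) {
    case "<": return c < 0;
    case "<=": return c <= 0;
    case ">": return c > 0;
    case ">=": return c >= 0;
    default: return c === 0;
  }
}

// Range grammar: alternatives split on "||"; inside one alternative the
// space-separated comparators must all hold. "*" matches everything.
function satisfies(version, range) {
  return range.split("||").some((alt) =>
    alt.trim().split(/\s+/).filter((c) => c && c !== "*")
      .every((cmp) => satisfiesComparator(version, cmp)));
}

// Lowest version a package.json spec allows, for exact versions and the
// common "^", "~", "=" and "v" prefixes. Anything else returns null so the
// caller reports it instead of silently skipping the dependency.
function floorOfSpec(spec) {
  const m = /^[\^~=v]?\s*(\d+\.\d+\.\d+)$/.exec(spec.trim());
  return m ? m[1] : null;
}

// Cross every dependency against every advisory for the same module name.
// Returns one finding per (dependency, advisory) match plus one per spec the
// example cannot parse, so the output never hides a dependency.
function findVulnerable(pkgJson, advisories) {
  const findings = [];
  const deps = Object.assign({}, pkgJson.dependencies, pkgJson.devDependencies);
  for (const [name, spec] of Object.entries(deps)) {
    const version = floorOfSpec(spec);
    if (version === null) {
      findings.push({ module: name, spec, status: "unparseable-spec" });
      continue;
    }
    for (const adv of advisories) {
      if (adv.module !== name) continue;
      if (satisfies(version, adv.vulnerable_versions)) {
        findings.push({
          module: name, spec, version, advisory: adv.id,
          action: `move to a version matching ${adv.patched_versions}`,
        });
      }
    }
  }
  return findings;
}

console.log(JSON.stringify(findVulnerable(SAMPLE_PACKAGE_JSON, SAMPLE_ADVISORIES), null, 2));
```

With the constructed inputs above, `left-lib` (floor 1.2.3, advisory 1) and `markup-parse` (0.4.9, advisory 2) are reported; `fast-route` at 2.0.1 falls between the two vulnerable ranges of advisory 3 and is not. The unparseable-spec finding is deliberate: a checker that quietly drops dependencies it cannot interpret gives false reassurance.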
How does node.js have security advisories? Doesn't the fact that it's built on top of JavaScript kind of throw the idea of security out the window to start with? Shouldn't we start with JavaScript security advisories first?

Honest question, have you ever seen a public JavaScript security advisory?