Sandworm Audit is a free and open source command-line tool designed to scan your project and dependencies for security vulnerabilities, license compliance issues, and other metadata problems. It works with any modern JavaScript package manager and supports custom license policies. With Sandworm Audit, you can generate easy-to-read reports that include JSON issue and license usage reports, CSV files of all dependencies and license information, and SVG dependency tree and treemap visualizations.

Google recently published a security scanner named OSV Scanner, that checks your files for vulnerabilities that hide in your code. It connects and checks for all issues collected on the OSV database. It is a great tool for developers to quickly check their code for vulnerabilities before they are released to the public.