Hi 馃憢
I'm wondering now that npm audit is out, how could we bring together both tools somehow. Are there any plans regarding this?
I personally didn't have time to analyse the way npm audit is doing it's magic, maybe it's using snyk under the hood! 馃槣
Sorry if this is not the correct repo to ask about this 馃槄
npm audit is using nsp(node security platform). not snyk.
I scanned 20 packages which come from github. the result is

It seems that npm audit returns more Vulnerabilitys, But I checked their vulnerability db, synk has 1142 vulnerabilities but npm only has 612 vulnerabilities, looks wired. 馃槚
Hello 馃憢
npm audit includes devDependencies, whereas snyk does not (by default).
You can include dev deps with the Snyk CLI as follows: snyk test --dev
Hope that helps!
@darscan Thanks so much, that's totally make sense now, snyk results are better than npm audit now
This also confused me. I assumed they were the same thing bc the reports are so similar. I have the opposite case though - more issues on Snyk than npm audit.
Hey all! Here's a un-biased, 3rd party (from the folks at nearForm) blog post that gives a really detailed comparison between Snyk and npm audit. I think this will clarify a lot for people watching this issue!
https://www.nearform.com/blog/comparing-npm-audit-with-snyk/
TL;DR
"The npm audit is a great free tool for package vulnerability awareness. It comes integrated with the main Node.JS package manager. Still, Snyk offers substantially more functionality with a more friendly user interface and its liberal licensing, it deserves a consideration for DevSecOps arsenal, by enterprise IT teams that require a more complete security solution."
Hi everyone, this issue has been untouched for a while so I'm closing it. We'd love to hear if you have any more feedback or questions about Snyk and npm audit or just Snyk in general, so feel free to open a new issue. Thanks! 馃憢
Most helpful comment
Hey all! Here's a un-biased, 3rd party (from the folks at nearForm) blog post that gives a really detailed comparison between Snyk and npm audit. I think this will clarify a lot for people watching this issue!
https://www.nearform.com/blog/comparing-npm-audit-with-snyk/
TL;DR
"The npm audit is a great free tool for package vulnerability awareness. It comes integrated with the main Node.JS package manager. Still, Snyk offers substantially more functionality with a more friendly user interface and its liberal licensing, it deserves a consideration for DevSecOps arsenal, by enterprise IT teams that require a more complete security solution."