practicajs / practica

Node.js solution starter boilerplate that is production-ready, packed with ✅ best practices and built with simplicity in mind

Home Page: https://practica.dev/

Configure a vulnerabilities checker

goldbergyoni opened this issue · comments

🎯 Goal: - Detect when some code has vulnerabilities or when a developer is fetching a suspicious package

🤔 More info:

  • Tools like Snyk and alike can provide an E2E CVE shield, free for OSS projects
  • Run as part of CI
  • Beyond just realizing CVEs (vulnerabilities), they have advanced capabilities of warning/PR when dependencies are outdated

Would something like Snyk Open Source be what you're thinking of for this item?

Created an organization in Snyk and added this repo:
https://app.snyk.io/org/practica.js/projects

@goldbergyoni Invited you to the organization. Also, I sent an access request for Snyk to the Practica org
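
The "run as part of CI" gate the issue asks for, as an added example that is not part of the original thread or the Practica code base. It reads npm's built-in `npm audit --json` report (npm 7+ format, `auditReportVersion: 2`) instead of Snyk; the function names are hypothetical and the package names and advisory titles in the sample are constructed.

```javascript
// Added example: decide whether a CI job should fail, given a parsed `npm audit --json` report.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Returns findings at or above `threshold`, most severe first, then by package name.
function findBlockingVulnerabilities(auditReport, threshold = 'high') {
  if (!(threshold in SEVERITY_RANK)) throw new Error(`Unknown severity: ${threshold}`);
  const minRank = SEVERITY_RANK[threshold];
  return Object.values(auditReport.vulnerabilities || {})
    .filter((v) => SEVERITY_RANK[v.severity] >= minRank)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      // Direct dependencies can be upgraded in package.json; transitive ones need a parent upgrade.
      direct: Boolean(v.isDirect),
      // fixAvailable is false, true, or an object describing the upgrade that fixes it.
      fixable: v.fixAvailable !== false,
      // Objects in `via` are advisories; strings are names of dependencies that pull the issue in.
      advisories: (v.via || []).filter((x) => typeof x === 'object').map((x) => x.title),
    }))
    .sort((a, b) =>
      SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.name.localeCompare(b.name));
}

// 1 fails the CI step, 0 lets it pass.
function ciExitCode(auditReport, threshold = 'high') {
  return findBlockingVulnerabilities(auditReport, threshold).length > 0 ? 1 : 0;
}

// Constructed sample report (not real packages or advisories).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'critical', isDirect: false,
      via: [{ title: 'Constructed advisory: prototype pollution', severity: 'critical' }],
      fixAvailable: true },
    'example-web': { name: 'example-web', severity: 'critical', isDirect: true,
      via: ['example-parser'],
      fixAvailable: { name: 'example-web', version: '2.0.0', isSemVerMajor: true } },
    'example-logger': { name: 'example-logger', severity: 'low', isDirect: true,
      via: [{ title: 'Constructed advisory: log injection', severity: 'low' }],
      fixAvailable: false },
  },
};

for (const f of findBlockingVulnerabilities(SAMPLE_REPORT)) {
  const advisories = f.advisories.join('; ') || 'inherited from a dependency';
  console.log(`${f.severity.toUpperCase()} ${f.name} (${f.direct ? 'direct' : 'transitive'}): ${advisories}`);
}
console.log(`exit code: ${ciExitCode(SAMPLE_REPORT)}`);
```

In a pipeline, parse the output of `npm audit --json` and pass the result of `ciExitCode` to `process.exit`.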