npm introduced a new feature in version 6.0, called npm audit:
https://blog.npmjs.org/post/173719309445/npm-audit-identify-and-fix-insecure
npm audit is a new command that performs a moment-in-time security review on a project dependency tree. Audit reports contain information about security vulnerabilities of dependencies and can help to fix a vulnerability by providing npm commands and recommendations for further troubleshooting.
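
The sketch below is an added example, not code from npm or from the linked post. It shows one way to turn an audit report into a build gate by reading the JSON that `npm audit --json` emits. It assumes the report fields `advisories`/`module_name` (npm 6) and `vulnerabilities`/`name` (npm 7 and later) with a `severity` on each entry; the names `gate`, `listFindings` and `rank` and the sample reports are constructed for illustration.

```javascript
// Added example: decide whether an `npm audit --json` report should fail a build.
// Severity names as npm reports them, lowest to highest.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Unknown severity strings rank above 'critical' so the gate fails closed.
const rank = (s) => {
  const i = LEVELS.indexOf(s);
  return i < 0 ? LEVELS.length : i;
};

// Normalise both report shapes into [{ name, severity }].
function listFindings(report) {
  if (report.advisories) {        // npm 6 shape: keyed by advisory id
    return Object.values(report.advisories)
      .map((a) => ({ name: a.module_name, severity: a.severity }));
  }
  if (report.vulnerabilities) {   // npm 7+ shape: keyed by package name
    return Object.values(report.vulnerabilities)
      .map((v) => ({ name: v.name, severity: v.severity }));
  }
  throw new Error('unrecognised npm audit report');
}

// Return the findings at or above `threshold`, worst first, and the verdict.
function gate(report, threshold = 'high') {
  if (!LEVELS.includes(threshold)) {
    throw new Error(`unknown severity threshold: ${threshold}`);
  }
  const min = rank(threshold);
  const blocking = listFindings(report)
    .filter((f) => rank(f.severity) >= min)
    .sort((a, b) => rank(b.severity) - rank(a.severity));
  return { fail: blocking.length > 0, blocking };
}

// Constructed sample reports (package names and advisory ids are made up).
const SAMPLE_V6 = { advisories: {
  1001: { module_name: 'example-parser', severity: 'high' },
  1002: { module_name: 'example-logger', severity: 'low' } } };
const SAMPLE_V7 = { auditReportVersion: 2, vulnerabilities: {
  'example-parser': { name: 'example-parser', severity: 'critical' },
  'example-tpl': { name: 'example-tpl', severity: 'moderate' } } };

console.log(gate(SAMPLE_V6));              // default threshold: 'high'
console.log(gate(SAMPLE_V7, 'moderate'));
```

Because an audit is a moment-in-time review, a gate like this only reflects the advisories known when the report was generated, so it needs to be re-run on a schedule as well as on each build.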