Software Development Timesaver #722 Jan 2022
Often nowadays on GitHub you get these Dependabot alerts, and if you’re using Node you often have a vulnerability far down the dependency hierarchy. It is not that easy to assert just from the alert alone which dependency of your project that actually depends on the vulnerable dependency in question.
There is a handy command you can use for this:
npm ls <package_name>
For example, in the case of follow-redirects you get this output that clearly shows that follow-redirects is used by webpack-dev-server in your project: