
Remove legacy NodeAuditAnalyzer dependency on NPM audit v1 API #8422

@chadlwilson

Description

Is your feature request related to a problem? Please describe.

The NodeAuditAnalyzer currently relies on the NPM v1 security audit API. This has had some recent stability problems, but as of 15 April 2026 it has started largely returning HTTP 410 errors with the message "This endpoint is being retired. Use the bulk advisory endpoint instead." See the following docs for more info: https://api-docs.npmjs.com/#tag/Audit

At time of writing, there appears to be nothing official on the GitHub/npm blog: https://github.blog/tag/npm/

Describe the solution you'd like

We'll have to evaluate whether we should use the bulk advisories endpoint, or whether we should be directly integrating at all anymore. https://api-docs.npmjs.com/#tag/Audit/operation/bulkAudit

I suspect we should just drop the code entirely though, and use npm CLI directly like the pnpm analyzer does.

Additional context
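To make concrete what a move to the bulk advisory endpoint would involve, here is an added Python example that is not part of the issue or of DependencyCheck: it builds the bulk request body from a lockfile's installed versions, parses the documented reply shape, and treats an HTTP 410 as the retirement the issue reports. The endpoint URL and request/response shape are assumptions taken from the linked npm API docs; the lockfile and reply below are constructed.

```python
import json
from collections import defaultdict

# Endpoint and payload shape are assumptions from the npm API docs linked in the issue.
BULK_ADVISORY_URL = "https://registry.npmjs.org/-/npm/v1/security/advisories/bulk"

# Constructed lockfile fragment (lockfileVersion 2/3 layout: "packages" keyed by path).
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.15"},
        "node_modules/minimist": {"version": "1.2.5"},
        "node_modules/a/node_modules/minimist": {"version": "0.0.8"},
        "node_modules/@scope/pkg": {"version": "2.0.0"},
        "node_modules/local-link": {"link": True},  # linked package: nothing to audit
    },
})
# Constructed reply in the documented bulk shape {name: [advisory, ...]}; placeholder values.
SAMPLE_RESPONSE = json.dumps({
    "lodash": [{"id": 0, "url": "https://example.invalid/ADVISORY-PLACEHOLDER",
                "title": "placeholder title", "severity": "high",
                "vulnerable_versions": "<4.17.21", "cwe": ["CWE-PLACEHOLDER"]}],
})

def bulk_request_body(lockfile_text: str) -> dict:
    """Collapse every installed copy of a package into {name: [distinct versions]}."""
    lock = json.loads(lockfile_text)
    versions = defaultdict(set)
    for path, meta in lock.get("packages", {}).items():
        if not path or "version" not in meta:  # root project entry or unversioned link
            continue
        name = path.split("node_modules/")[-1]  # last segment handles nesting and @scopes
        versions[name].add(meta["version"])
    return {name: sorted(v) for name, v in sorted(versions.items())}

def parse_advisories(response_text: str) -> list:
    """Flatten the reply into (package, severity, vulnerable_versions) tuples."""
    return [(name, adv["severity"], adv["vulnerable_versions"])
            for name, advs in json.loads(response_text).items() for adv in advs]

def audit(lockfile_text: str, post) -> list:
    """post(url, body) -> (status, text) is injected so the example runs offline."""
    status, text = post(BULK_ADVISORY_URL, bulk_request_body(lockfile_text))
    if status == 410:  # the retirement response the issue describes for the v1 API
        raise RuntimeError("audit endpoint retired: " + text)
    if status != 200:
        raise RuntimeError(f"unexpected HTTP {status} from advisory endpoint")
    return parse_advisories(text)
```

Matching `vulnerable_versions` ranges against installed versions still needs a semver range evaluator; the bulk reply already filters to the versions you sent, so the remaining work is reporting, not range math.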
