As I wrote previously, NPM got a great tool for checking security of the dependencies – npm audit.
However, if running npm audit and using private package registry (Proget, Artifactory, etc), it may fail with “npm ERR! 400 Bad Request – POST” when trying to send audit details collected about your dependencies for checking to https://<YOUR FEED URI>/-/npm/v1/security/audits – the assumed security audit endpoint of the private registry. Most likely, your registry doesn’t replicate official npm security API.
To fix the issue, simply add the public registry endpoint to your npm audit command line:
npm audit --registry="https://registry.npmjs.org/"