A built-in npm command that checks your installed packages against a database of known security vulnerabilities. Running it before you ship helps you catch dangerous flaws in third-party code before your users are exposed.