Open
Description
It would be useful if `composer audit` could work for `npm-asset/` packages.
`composer audit` reads a `security-advisories` key in the JSON returned by the repository.
Some other third-party Composer repositories have already implemented it (for example: https://repo.packagist.org/p2/drupal/core.json).
It should be possible to call the NPM audit API (https://registry.npmjs.org/-/npm/v1/security/audits) and convert the result to the Composer format when building the Composer repository.
(I created a Composer plugin that does this but as a separate command: https://github.com/prudloff-insite/composer-npm-audit)
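
A sketch of the conversion step proposed above, added here as an illustration; it is not code from asset-packagist, Composer, or the linked plugin. It assumes the npm audit response carries an `advisories` map whose entries have `id`, `module_name` and `vulnerable_versions`, that Composer entries need `advisoryId` and `affectedVersions`, and that scoped npm names map to `npm-asset/scope--name`; the `NPM-` id prefix and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed asset-packagist naming: "@scope/name" becomes "npm-asset/scope--name".
function composerNameForNpm(string $npmName): string
{
    return 'npm-asset/' . str_replace('/', '--', ltrim($npmName, '@'));
}

// Group the advisories of a decoded npm audit response by Composer package name.
function npmAuditToComposerAdvisories(array $npmAudit): array
{
    $byPackage = [];
    foreach ($npmAudit['advisories'] ?? [] as $adv) {
        if (!isset($adv['id'], $adv['module_name'])) {
            continue; // malformed entry: nothing to attach it to
        }
        // npm joins comparators with spaces (AND) and "||" (OR), which Composer also accepts.
        $range = trim(preg_replace('/\s+/', ' ', (string) ($adv['vulnerable_versions'] ?? '')));
        $byPackage[composerNameForNpm($adv['module_name'])][] = [
            'advisoryId'       => 'NPM-' . $adv['id'], // hypothetical id prefix
            // An empty range is treated as "all versions" so the advisory is not silently lost.
            'affectedVersions' => $range === '' ? '*' : $range,
        ];
    }
    return $byPackage;
}

// Constructed sample in the shape assumed for the npm audit response.
$sample = json_decode(<<<'JSON'
{"advisories": {
  "1001": {"id": 1001, "module_name": "example-lib", "vulnerable_versions": ">=1.0.0 <1.4.2"},
  "1002": {"id": 1002, "module_name": "@example/widget", "vulnerable_versions": "<2.0.1 || >=3.0.0 <3.1.0"},
  "1003": {"id": 1003, "module_name": "example-lib", "vulnerable_versions": ""}
}}
JSON, true, 512, JSON_THROW_ON_ERROR);

foreach (npmAuditToComposerAdvisories($sample) as $package => $advisories) {
    // Fragment to merge into that package's repository JSON.
    echo $package, ': ', json_encode(['security-advisories' => $advisories], JSON_UNESCAPED_SLASHES), "\n";
}
```

npm range syntax beyond plain comparators (for example prerelease handling) does not always mean the same thing to Composer's constraint parser, so a repository builder would need to validate each converted range before publishing it.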