Is it possible to do security/quality scan all the files from node_modules folder?

Hey there.

We normally advise against scanning third-party libraries as part of your own projects, since the metrics and issues from them can pollute your own metrics and issues, making it difficult to see what’s going on in your own developed code. Developers aren’t typically empowered to change code in third-party libraries they’re using in their projects.

This is why folders like node_modules are excluded from analysis by default.

If you are looking for an understanding of what vulnerable code might exist in those libraries, we’d suggest finding a good SCA (software component analysis) tool that fits your needs.