npm audit cries wolf. I built a zero-dep CLI that tells you what to actually fix
You run npm audit. It prints 47 vulnerabilities in angry red. You scroll through two screens of them, and slowly realize: a dozen are in your build tooling and never ship, half have no fix you can apply, and the rest are low. The one thing that actually matters — a critical in a production dependency with a one-command fix — is buried somewhere in the middle. So you do what everyone does. You stop reading. Maybe you slap || true on the CI step. And that is exactly the habit that lets a real c...