- Install NSP as a devDependency.
- Add an audit script to package.json that calls nsp check.
- Create a Jenkins job that runs on each commit (non-voting) or periodically (reporting failures to #wikimedia-reading-web-bots).
More context is available in the internal email titled "Follow up from monthly Readers".