What is VEX?
As we highlighted in our post on False Positives in Vulnerability Scanning [1], the output of vulnerability assessment tools like npm audit can be cumbersome because it lacks context. VEX (Vulnerability EXchange) is a new standard developed by the NTIA to exchange information about which vulnerabilities are actually exploitable in a product.