7 tools and resources
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
Mitigate Dependency Confusion supply chain security risks.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A curated list of known malicious NPM packages.
A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.
Lint lockfiles for improved security and trust policies.
Detailed analysis of the event-stream incident and actions taken by npm Security.