npq
npq is a tool that safely installs packages with npm/yarn by auditing them as part of your install process. It performs sanity checks to ensure the package is safe to install, including: * Consulting the Snyk.io database of publicly disclosed vulnerabilities * Checking package age on npm * Verifying package download count as a popularity metric * Ensuring the package has a README file * Verifying the package has a LICENSE file * Checking for pre/post install scripts Once installed, npq can be used to safely install packages, such as `npq install express`.
FEATURES
SIMILAR TOOLS
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
Automatic authorization enforcement detection extension for Burp Suite
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
A developer-first, API-driven platform that provides development teams with a suite of tools to improve code quality, security, and engineering performance, seamlessly integrated into their existing development workflows.
Prevents you from committing passwords and other sensitive information to a git repository.
Curiefense is an application security platform that protects against various threats and offers community involvement.
IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.
DVTA is a Vulnerable Thick Client Application with various security vulnerabilities.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.