npq is a tool that safely installs packages with npm/yarn by auditing them as part of your install process. It performs sanity checks to ensure the package is safe to install, including: * Consulting the Snyk.io database of publicly disclosed vulnerabilities * Checking package age on npm * Verifying package download count as a popularity metric * Ensuring the package has a README file * Verifying the package has a LICENSE file * Checking for pre/post install scripts Once installed, npq can be used to safely install packages, such as `npq install express`.
FEATURES
SIMILAR TOOLS
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
A brute-force protection middleware for express routes that rate-limits incoming requests.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.