npq

Free

npq is a tool that safely installs packages with npm/yarn by auditing them as part of your install process. It performs sanity checks to ensure the package is safe to install, including:

* Consulting the Snyk.io database of publicly disclosed vulnerabilities
* Checking package age on npm
* Verifying package download count as a popularity metric
* Ensuring the package has a README file
* Verifying the package has a LICENSE file
* Checking for pre/post install scripts

Once installed, npq can be used to safely install packages, such as `npq install express`.

ALTERNATIVES

A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.

Tool that reports potential risks in a project's dependency list.

Orchestration toolchain for scanning source code and infrastructure as code (IaC) against security risks.

InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection.

Important security headers for Fastify with granular control over application routes.

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

A serverless application that demonstrates common serverless security flaws and weaknesses.

A tool to profile web applications based on response time discrepancies.