npq is a tool that safely installs packages with npm/yarn by auditing them as part of your install process. It performs sanity checks to ensure the package is safe to install, including:

* Consulting the Snyk.io database of publicly disclosed vulnerabilities
* Checking package age on npm
* Verifying package download count as a popularity metric
* Ensuring the package has a README file
* Verifying the package has a LICENSE file
* Checking for pre/post install scripts

Once installed, npq can be used to safely install packages, such as `npq install express`.
FEATURES
SIMILAR TOOLS
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots.