pkgsign is a CLI tool for signing and verifying npm and yarn packages. It supports signing packages with PGP private keys or, for simplicity, with keybase.io. Recently, several packages went missing from the npm registry, highlighting the importance of package signing to prevent unauthorized modifications and ensure trust in package sources.

FEATURES

This tool is not verified yet and doesn't have listed features.

ALTERNATIVES

Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.

Catch up on the latest cybersecurity news and updates from around the world.

Node package for preparing CTF events with OWASP Juice Shop challenges for popular CTF frameworks.

PLC-side fuzzing tool for uncovering vulnerabilities in ICS control applications.

Certificate Transparency Monitor that alerts you when an SSL/TLS certificate is issued for your domains.

Syntax, indent, and filetype detection for YARA rule files with auto-indenting and error display in quickfix window.