
Protect JavaScript applications from malicious NPM packages

Sayf pack

JavaScript developers will be better equipped to prevent malicious packages from slipping into their applications thanks to a trio of tools released by JFrog, the software company claims.

The tools – npm-secure-install, package-checker, and npm_issues_statistic – are designed to address some of the thorniest security problems of using open-source software packages.

Among other things, they validate whether package versions can be trusted, secure installations, and monitor applications for potentially troublesome components.


JFrog’s new suite of security tools is meant to secure the software supply chain around NPM dependencies. Package-checker verifies whether a specific version of an NPM package can be trusted: it looks for the warning signs seen in packages used in supply-chain attacks and can flag potential risks in newly released versions.

Npm-secure-install, meanwhile, is a package installer that enforces secure practices, such as refusing to install a package globally unless it ships an npm-shrinkwrap.json, the publishable lockfile that pins every dependency so that everyone installing the package gets the same versions.
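As an added illustration (this is not code from JFrog or from either tool), here is a small Node.js script showing the kind of checks the two tools are described as making: a trust assessment of one package version against registry metadata, in the spirit of package-checker, and a test that an npm-shrinkwrap.json really pins everything, in the spirit of npm-secure-install's global-install rule. The registry document layout follows what registry.npmjs.org returns for a package and the lockfile layout follows npm's lockfileVersion 1/2/3 formats; the package names, maintainers, dates, hashes and the seven-day "too new" threshold are all made up for the example.

```javascript
// Added example, not JFrog's code: heuristics of the kind package-checker could
// apply to npm registry metadata, plus a shrinkwrap check of the kind
// npm-secure-install could run before a global install. All sample data is constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse "MAJOR.MINOR.PATCH" into numbers; null for pre-releases or garbage.
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// The release published just before `version` in semver order, or null.
function previousVersion(meta, version) {
  const ordered = Object.keys(meta.versions).filter(parseSemver)
    .sort((a, b) => compareSemver(parseSemver(a), parseSemver(b)));
  const i = ordered.indexOf(version);
  return i > 0 ? ordered[i - 1] : null;
}

// Risk signals for one version. `meta` has the shape of a registry document
// (GET https://registry.npmjs.org/<name>): `time` maps version -> publish date,
// `versions` maps version -> that version's package.json plus registry fields such
// as `maintainers`. Each signal diffs the release against its predecessor.
function assessVersion(meta, version, now = new Date()) {
  const pkg = meta.versions[version];
  if (!pkg) return ["version not found in registry metadata"];
  const signals = [];
  const ageDays = (now - new Date(meta.time[version])) / DAY_MS;
  if (ageDays < 7) signals.push(`published ${ageDays.toFixed(1)} days ago, too new to have been vetted`);
  const prevVer = previousVersion(meta, version), prev = prevVer && meta.versions[prevVer];
  if (!prev) return signals; // first release: nothing to diff against
  // Lifecycle scripts run arbitrary code on every `npm install`.
  const scripts = pkg.scripts || {}, prevScripts = prev.scripts || {};
  for (const hook of ["preinstall", "install", "postinstall"]) {
    if (scripts[hook] && scripts[hook] !== prevScripts[hook]) signals.push(`new or changed ${hook} script: ${scripts[hook]}`);
  }
  // A publisher absent from the previous release is a classic takeover sign.
  const prevMaintainers = new Set((prev.maintainers || []).map((m) => m.name));
  for (const m of pkg.maintainers || []) {
    if (!prevMaintainers.has(m.name)) signals.push(`maintainer ${m.name} was not on ${prevVer}`);
  }
  // A dependency added in a patch release pulls in code nobody reviewed.
  const prevDeps = prev.dependencies || {};
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    if (!(name in prevDeps)) signals.push(`new dependency ${name}@${range}`);
  }
  return signals;
}

// Entries an npm-shrinkwrap.json locks: lockfileVersion 2 and 3 list them flat under
// `packages` (key "" is the root); lockfileVersion 1 nests them under `dependencies`.
// Workspace links and bundled packages carry no integrity hash by design and are skipped.
function lockedEntries(shrinkwrap) {
  const entries = [];
  if (shrinkwrap.lockfileVersion >= 2) {
    for (const [path, e] of Object.entries(shrinkwrap.packages || {})) if (path !== "") entries.push(e);
  } else {
    const walk = (deps) => { for (const e of Object.values(deps || {})) { entries.push(e); walk(e.dependencies); } };
    walk(shrinkwrap.dependencies);
  }
  return entries.filter((e) => !e.link && !e.inBundle);
}

// True only if every locked dependency has an exact version and an integrity hash,
// so every install resolves to the same bytes. Presence of the file alone proves nothing.
function shrinkwrapPinsEverything(shrinkwrap) {
  if (!shrinkwrap || typeof shrinkwrap !== "object") return false;
  return lockedEntries(shrinkwrap).every((e) => parseSemver(e.version) !== null && /^sha(256|384|512)-/.test(e.integrity || ""));
}

// Constructed sample data: 1.2.1 gains a maintainer, a postinstall hook and a dependency.
const SAMPLE_META = {
  time: { "1.2.0": "2022-01-10T00:00:00Z", "1.2.1": "2022-03-15T00:00:00Z" },
  versions: {
    "1.2.0": { maintainers: [{ name: "alice" }], dependencies: { "util-strings": "^1.3.0" },
               scripts: { test: "node test.js" } },
    "1.2.1": { maintainers: [{ name: "alice" }, { name: "mallory" }],
               dependencies: { "util-strings": "^1.3.0", "tiny-color-hex": "0.0.1" },
               scripts: { test: "node test.js", postinstall: "node lib/setup.js" } },
  },
};
const SAMPLE_SHRINKWRAP = {
  name: "example-cli", version: "2.0.0", lockfileVersion: 3,
  packages: {
    "": { name: "example-cli", version: "2.0.0", dependencies: { "util-strings": "1.3.2" } },
    "node_modules/util-strings": { version: "1.3.2", integrity: "sha512-Y29uc3RydWN0ZWQgaGFzaCBmb3IgdGhlIGV4YW1wbGU=",
      resolved: "https://registry.npmjs.org/util-strings/-/util-strings-1.3.2.tgz" },
  },
};

const DEMO_NOW = new Date("2022-03-16T00:00:00Z"); // frozen clock for reproducible output
console.log("1.2.0:", assessVersion(SAMPLE_META, "1.2.0", DEMO_NOW)); // []
console.log("1.2.1:", assessVersion(SAMPLE_META, "1.2.1", DEMO_NOW)); // four signals
console.log("shrinkwrap pins everything:", shrinkwrapPinsEverything(SAMPLE_SHRINKWRAP)); // true
```

Run it with node: the 1.2.0 release is clean, while 1.2.1 trips all four signals (one day old, new postinstall hook, a maintainer who was not on the previous release, a newly added dependency). Real lockfiles also record `resolved` URLs; a stricter gate would additionally require those to point at the registry you expect.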


Original Article: https://portswigger.net/daily-swig/tool-trio-released-to-protect-javascript-applications-from-malicious-npm-packages


If you’re a developer, beware of this node-ipc npm package
A very popular npm package, node-ipc, had malicious code injected into it that would overwrite the contents of files on disk with a heart emoji and also create a file named ‘WITH-LOVE-FROM-AMERICA.txt’.
The creator of the library called it “protestware”, an act of protest against the war in Ukraine.
