
Protect JavaScript applications from malicious NPM packages


Sayf pack

JavaScript developers will be better equipped to prevent malicious packages from slipping into their applications thanks to a trio of tools released by JFrog, the software company claims.

The tools – npm-secure-install, package-checker, and npm_issues_statistic – are designed to address some of the thorniest security problems of using open-source software packages.

Among other things, they validate whether package versions can be trusted, secure installations, and monitor applications for potentially troublesome components.

 

Jfrog-npm-tools
JFrog’s new suite of security tools is meant to secure the supply chain for NPM dependencies. Package-checker verifies whether a specific version of an NPM package can be trusted. It looks for signs of packages used in supply-chain attacks and can identify potential risks with newly released versions.

Npm-secure-install, meanwhile, is a package installer that enforces secure practices, such as preventing global installation of packages unless they contain npm-shrinkwrap.json, a lock file that ensures everyone gets the same version of all dependencies.
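
The shrinkwrap rule described for npm-secure-install, sketched as an added example (not JFrog's code and not from the original article): it refuses a package for global install unless it ships npm-shrinkwrap.json, and goes one step further than the article by also requiring every locked entry to carry an exact version and an integrity hash. The function name, the `files` map and the sample packages are assumptions made for illustration.

```javascript
// Added example. `files` maps paths inside an unpacked package to their text
// content; that shape and every name here are assumptions for illustration.
function auditForGlobalInstall(files) {
  const raw = files['npm-shrinkwrap.json'];
  if (raw === undefined) {
    return { allowed: false, reason: 'package ships no npm-shrinkwrap.json', unpinned: [] };
  }
  let lock = null;
  try { lock = JSON.parse(raw); } catch (err) { /* rejected below */ }
  if (lock === null || typeof lock !== 'object' || Array.isArray(lock)) {
    return { allowed: false, reason: 'npm-shrinkwrap.json is not a JSON object', unpinned: [] };
  }
  const unpinned = [];
  // Pinned = exact version plus integrity hash. Bundled and linked entries
  // carry no hash of their own in a lockfile, so they are skipped.
  const check = (id, e) => {
    if (e === null || typeof e !== 'object') { unpinned.push(id); return; }
    if (e.link || e.inBundle || e.bundled) return;
    if (typeof e.version !== 'string' || typeof e.integrity !== 'string') unpinned.push(id);
  };
  if (lock.packages && typeof lock.packages === 'object') {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
    for (const [path, e] of Object.entries(lock.packages)) {
      if (path !== '') check(path, e);
    }
  } else {
    // lockfileVersion 1: entries nest under "dependencies".
    const walk = (deps, prefix) => {
      for (const [name, e] of Object.entries(deps || {})) {
        check(prefix + name, e);
        if (e && typeof e === 'object') walk(e.dependencies, prefix + name + ' > ');
      }
    };
    walk(lock.dependencies, '');
  }
  const allowed = unpinned.length === 0;
  return { allowed, reason: allowed ? 'all locked dependencies are pinned' : 'unpinned lock entries', unpinned };
}

// Constructed sample packages; integrity values are placeholders, not real hashes.
const SAMPLES = {
  noLock: { 'package.json': '{"name":"cli-a","version":"1.0.0"}' },
  pinned: { 'npm-shrinkwrap.json': JSON.stringify({ lockfileVersion: 3, packages: {
    '': { name: 'cli-b', version: '1.0.0' },
    'node_modules/dep-x': { version: '2.1.0', integrity: 'sha512-PLACEHOLDER' } } }) },
  loose: { 'npm-shrinkwrap.json': JSON.stringify({ lockfileVersion: 1, dependencies: {
    'dep-y': { version: '1.0.0', integrity: 'sha512-PLACEHOLDER',
      dependencies: { 'dep-z': { version: '0.3.0' } } } } }) },
};
```

The `unpinned` list names each offending entry, so a CI gate can print exactly which transitive dependency lacks a hash before rejecting the install.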

 

Original Article: https://portswigger.net/daily-swig/tool-trio-released-to-protect-javascript-applications-from-malicious-npm-packages

 

If you’re a developer, beware of this node-ipc npm package
The very popular npm package node-ipc has been injected with malicious code that would replace files with a heart emoji and also create a file named ‘WITH-LOVE-FROM-AMERICA.txt’.
The creator of the library called it “protestware”, an act of protest against the war in Ukraine.

