A collection of tools to help audit your NPM dependencies for suspicious packages or continuously monitor dependencies for future security events.

The tools:

- npm-secure-install: validates that dependencies are locked down to exact versions before installation of global tools
- package-checker: Python command-line tool that checks a dependency string for what will actually be installed and whether it is suspicious
- npm_issues_statistics: analyzes GitHub comments to find unusual activity that might correlate with a compromised dependency