npm-lint VS steal-ur-stuff

Compare npm-lint vs steal-ur-stuff and see what are their differences.

npm-lint

A linter for npm & node package.json files with a focus on dependency security (by tanepiper)
Linter linting-rules Npm npm-scripts NodeJS Security security-tools dependency-analysis
Source Code
Suggest alternative
Edit details

steal-ur-stuff

Steal Ur Stuff (by tanepiper)
Suggest topics
Source Code
Suggest alternative
Edit details
SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
npm-lint steal-ur-stuff
4 8
26 21
- -
0.0 0.0
about 4 years ago almost 7 years ago
TypeScript
MIT License -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

npm-lint

Posts with mentions or reviews of npm-lint. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-06-27.
  • JavaScript registry NPM vulnerable to 'manifest confusion' abuse
    3 projects | news.ycombinator.com | 27 Jun 2023
    That postinstall and other scripts have been a problem for a long time - the PoC for example could be installed via npx, which would then run postinstall which executes another script to steal /etc/password data.

    This is not a new problem, you just have another vector.

    I came up with a free linter package to try solve it - but no one seemed interested, and here we are 7 later talking about where people are now offering paid services to mitigate it.

    https://github.com/tanepiper/npm-lint

  • Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
    4 projects | /r/javascript | 18 Apr 2023
    Also ended up writing a similar tool but didn't take it much further.
  • npm package to upload your private ssh keys to a pastebin
    3 projects | /r/javascript | 18 Mar 2022
    I did try come up with a npm linter but never really completed it.
  • Getting rid of NPM scripts
    4 projects | news.ycombinator.com | 26 Dec 2020
    A while back I wrote a opt-in tool called npl-lint[1] that would allow some CI-level enforcement of rules in package.json although I didn't go too far with it - one thing was to check the scripts section and allow whitelisted apps, or whitelisted sources for dependencies.

    It came about because I ended up having a spat with one of the NPM engineers at the time because they launched npx with the ability to run arbitrary gists[2] and this was before 2FA (FWIW you can still absolutely do this with npx).

    I wrote a proof of concept[3] that showed you could, inside a package.json add a command to install another package from a gist location, and then use that to steal credentials, bash history, etc.

    [1] https://github.com/tanepiper/npm-lint

steal-ur-stuff

Posts with mentions or reviews of steal-ur-stuff. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-06-27.

What are some alternatives?

When comparing npm-lint and steal-ur-stuff you can also consider the following projects:

ultra-runner - 🏃⛰ Ultra fast monorepo script runner and build tool

cli - Command line interface for the Phylum API

pnpm - Fast, disk space efficient package manager

actual-malware - Useful library dependency

asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more

npm

HomeBrew - 🍺 The missing package manager for macOS (or Linux)

event-stream - EventStream is like functional programming meets IO

project

git-open - Type `git open` to open the GitHub page or website for a repository in your browser.

npm-lint vs ultra-runner steal-ur-stuff vs cli npm-lint vs pnpm steal-ur-stuff vs actual-malware npm-lint vs actual-malware steal-ur-stuff vs asdf steal-ur-stuff vs npm steal-ur-stuff vs HomeBrew steal-ur-stuff vs event-stream steal-ur-stuff vs project steal-ur-stuff vs git-open