safe-npm | safe-node
---|---
2 | 2
2 | 1
- | -
0.0 | 0.0
about 2 years ago | about 2 years ago
JavaScript | JavaScript
- | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Show HN: Mitigate against 0-day supply chain attacks with safe-NPM
Hello there, I did this mainly to show that there exist some steps we can take today in order to mitigate some of the risks related to supply chain attacks that don't involve major rewrites. Another attempt I had done earlier was safe-node https://github.com/stagas/safe-node which does permission prompts for network and file access, similarly to Deno.
These are not meant to be full solutions but rather proofs-of-concept and a nudge to get the discussion going in the direction of making the ecosystem safe again. Let me know what you think, or if these are entirely the wrong approach, and perhaps what else we could do. Cheers.
- Show HN: Safe-node – PoC of node with permissions prompts a la Deno
What are some alternatives?
- audit-ci - Audit NPM, Yarn, and PNPM dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
- node-safe - 🤠 Make using Node.js safe again with Deno-like permissions
- node-fast-ratelimit - :umbrella: Fast and efficient in-memory rate-limit for Node, used to alleviate most common DoS attacks.
- password-generator - A fast, simple, and powerful open-source utility tool for generating strong, unique, and random passwords. The Password Generator supports various types of passwords including base64-encoded, memorable, and complex strong passwords.
- npq - 🎖 safely* install packages with npm or yarn by auditing them as part of your install process