Top 3 TypeScript dependency-analysis Projects
- knip
  ✂️ Find unused files, dependencies and exports in your JavaScript and TypeScript projects. Knip it before you ship it!
- lunasec
  LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Project mention: Find unused files, dependencies and exports in your JavaScript and TS projects | news.ycombinator.com | 2024-02-01
Project mention: JavaScript registry NPM vulnerable to 'manifest confusion' abuse | news.ycombinator.com | 2023-06-27
That postinstall and other scripts have been a problem for a long time - the PoC for example could be installed via npx, which would then run postinstall which executes another script to steal /etc/password data.
This is not a new problem, you just have another vector.
I came up with a free linter package to try to solve it - but no one seemed interested, and here we are 7 later talking about where people are now offering paid services to mitigate it.
Index
What are some of the best open-source dependency-analysis projects in TypeScript? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | knip | 5,531 |
2 | lunasec | 1,402 |
3 | npm-lint | 26 |