Show HN: Socket web extension – free NPM supply chain protection Hey HN, I'm Arjun, an 18-year-old intern at Socket. I've been working on a project that I'm really excited to share with you all - a browser extension that makes it easier to check the security of NPM packages before you use them. You can try the extension on any Chromium-based browser or on Firefox. - Chrome extension: https://ift.tt/4fCIaTS - Firefox add-on: https://ift.tt/zgVlptQ Socket scans NPM packages for malware, vulnerabilities, code smell, and unwanted behavior using AI and some very powerful in-house static analysis we've been perfecting over the last 2 years. As the primary developer of Parcel.js' web extension transformer ( https://ift.tt/k7vucyr ), I thought it would be cool to use my own work on Parcel to create a useful extension during my internship at Socket. The extension displays scores alongside each package indicating quality, security, maintenance, and other useful metrics. It also tells you if a package accesses the network when it shouldn't need to, or if it runs malware in an install script. You can learn more about its features in my blog post: https://ift.tt/1ZC2Yuv Feel free to ask any questions you have about Socket, the extension or even my work on Parcel. Excited to hear your feedback! - Arjun https://ift.tt/4fCIaTS August 1, 2023 at 01:53AM
0 Comments