
lstn for JavaScript

Behavioural monitoring and security for npm packages.
lstn is a tool that brings the power of listen.dev into your development workflows. You can run it locally or in your CI/CD pipelines to detect and block malicious dependencies.
Powered by best-in-class behavioural analytics, it monitors every change in your package.json to provide:
  • Deep visibility into your node_modules by observing network, filesystem and process activity, not just a static, top-level view
  • Context to understand the impact of dependency changes (such as runtime traces) on your development workflows, apps and infrastructure
  • Protection against novel supply chain risks such as obfuscated code, malicious install scripts and binary tampering
  • Actionable guidance for prioritization and remediation
We encourage running a lstn scan every time you add a new dependency or update an existing dependency to a new version, before making the change.
lstn currently supports the following:
  • Languages: JavaScript, TypeScript and CoffeeScript
  • Package managers: npm, monorepos (coming soon)
See our roadmap for what we have in the works.
© 2023 Garnet Labs