lstn for JavaScript

Behavioural monitoring and security for npm packages.
lstn is a tool that brings the power of listen.dev into your development workflows. You can run it locally or in your CI/CD pipelines to detect and block malicious dependencies.
By monitoring every change in your dependency tree using dynamic analysis of package behavior, listen.dev offers:
  • Deep visibility into your node_modules by observing network, filesystem and process activity, not just a static, top-level view
  • Context to understand the impact of dependency changes on your development workflows, apps and infrastructure
  • Protection against novel supply chain risks such as obfuscated code, malicious install scripts and tampering
  • Relevant and actionable context on prioritization and remediation
[Figure: lstn command example]
We encourage running a lstn scan every time you are about to add a new dependency or update an existing dependency to a new version.
lstn currently supports the following open source ecosystems:
  • Languages: JavaScript, TypeScript and CoffeeScript
  • Package managers: npm
See our roadmap for what we have in the works.
© 2023 Garnet Labs