Behavioural monitoring and security for npm packages.
lstn is a tool that brings the power of listen.dev right inside your development workflows. You can run it locally, or in your CI/CD pipelines to detect and block malicious dependencies.
By monitoring every change in your dependency tree using dynamic analysis of package behavior, listen.dev offers:
- Deep visibility into your node_modules through observing the network, filesystem and process activities – not just a static, top-level view
- Context to understand the impact of dependency changes on your development workflows, apps and infrastructure
- Protection against novel supply chain risks such as obfuscated code, malicious install scripts and tampering
- Relevant and actionable context on prioritization and remediation
lstn command example
We encourage the practice of running a lstn scan every time before adding a new dependency or updating an existing dependency to a new version.
lstn currently supports the following open source ecosystems:
- Package managers: npm