lstn for JavaScript
Behavioural monitoring and security for npm packages.
lstn is a tool that brings the power of listen.dev right inside your development workflows. You can run it locally, or in your CI/CD pipelines to detect and block malicious dependencies. By monitoring every change in your dependency tree using dynamic analysis of package behavior, listen.dev offers:
- Deep visibility into your node_modules through observing the network, filesystem and process activities – not just a static, top-level view
- Context to understand the impact of dependency changes on your development workflows, apps and infrastructure
- Protection against novel supply chain risks such as obfuscated code, malicious install scripts and tampering
- Relevant and actionable context on prioritization and remediation
Figure: lstn command example
We encourage the practice of running a lstn scan every time before adding a new dependency or updating an existing dependency to a new version.
lstn currently supports the following open source ecosystems:
- Languages: JavaScript, TypeScript and CoffeeScript
- Package managers: npm