lstn for JavaScript

Behavioural monitoring and security for npm packages.

lstn is a tool that brings the power of listen.dev right inside your development workflows. You can run it locally, or in your CI/CD pipelines to detect and block malicious dependencies. 
By monitoring every change in your dependency tree using dynamic analysis of package behavior, listen.dev offers: 
Deep visibility into your node_modules through observing the network, filesystem and process activities – not just a static, top level view 
Context to understand the impact of dependency changes on your development workflows, apps and infrastructure 
Protection against novel supply chain risks such as obfuscated code, malicious install scripts,  tampering
Relevant and actionable context on prioritization and remediation    

lstn command example
We encourage the practice of running a lstn scan every time before adding a new dependency or updating an existing dependency to a new version.
lstn currently supports the following open source ecosystems:
Languages: JavaScript, TypeScript and CoffeeScript
Package managers: npm
See our roadmap for what we have in the works.

listen.dev Documentation

Next - Getting Started

Quick Start

Last modified 1mo ago