lstn for JavaScript
Behavioural monitoring and security for npm packages.
lstn is a tool that brings the power of listen.dev right inside your development workflows. You can run it locally, or in your CI/CD pipelines, to detect and block malicious dependencies. Powered by best-in-class behavioural analytics, it monitors every change in your package.json to provide:
- Deep visibility into your node_modules through observing the network, filesystem and process activities – not just a static, top-level view
- Context to understand the impact of dependency changes (such as runtime traces) on your development workflows, apps and infrastructure
- Protection against novel supply chain risks such as obfuscated code, malicious install scripts, binary tampering
- Actionable guidance for prioritization and remediation
lstn command example
We encourage the practice of running an lstn scan every time before adding a new dependency or updating an existing dependency to a new version.
lstn currently supports the following:
- Languages: JavaScript, TypeScript and CoffeeScript
- Package managers: npm, monorepos (coming soon)