

Why should I use is provides a unique solution that provides behavioural insights on dependencies during the development lifecycle. Dev-time observability on open source packages can be used to proactively detect issues that could affect the security and performance of your software.
Read more about our approach here.
How do I get started?
Install lstn in your local or CI environments using this guide.
How do you protect against unknown risks?
Our analysis engine and team constantly monitor the npm registry, flag abnormal behavior (which could potentially indicate malicious activity), and alert users so they can investigate or block risky dependencies before using them.
Read more here.
What type of attacks do you prevent?
focuses on unknown threats that might not have been publicly disclosed in CVE databases. Read more about our threat coverage here.
How does ensure the privacy of my data? What permissions does it have?
We only read the manifest files (such as package.json) and metadata inside your project’s repository. We do not read any of your code or sensitive data, nor do we run any of your code on your servers. If you want to learn more, check out the detailed docs and our client code, which is open source. If you have any specific concerns or feedback, we would love to chat 1:1.
What are the requirements to deploy
You can install and run the tool on your local machine or servers. Follow the integration guides for instructions specific to your OS and environment.
Language coverage
We currently support JavaScript/npm. See the roadmap for what we have in the works.
Last modified 9mo ago
© 2023 Garnet Labs