A collection of tools to help audit your NPM dependencies for suspicious packages or continuously monitor dependencies for future security events.
The tools:
- npm-secure-install - Validates that dependencies are locked down to exact versions before global tools are installed
- package-checker - Python command-line tool that checks a dependency string for what will actually be installed and whether it is suspicious
- npm_issues_statistics - Analyzes GitHub issue comments to find unusual activity that might correlate with a compromised dependency
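As an added illustration of the exact-version check that the first two tools describe (example code written for this page, not code from any of the tools listed above), the script below parses an `npm install` style dependency string into name and specifier, and scans a `package.json` manifest for any dependency whose specifier is not a single fixed semver version. Ranges (`^`, `~`, `>=`), wildcards, and dist-tags such as `latest` all let a future publish change what gets installed, which is exactly the exposure a pinned manifest removes. The manifest and package names are constructed sample data.

```python
import json
import re

# Strict semver: MAJOR.MINOR.PATCH with optional pre-release and build metadata.
# npm also accepts a leading "=" or "v" for an exact match, so allow those too.
# Anything else (ranges, tags, wildcards, URLs) is treated as unpinned.
EXACT_SEMVER = re.compile(
    r"^=?v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)

# The manifest fields that npm installs from.
DEPENDENCY_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")


def is_exact_version(spec: str) -> bool:
    """Return True only if the specifier resolves to one fixed version."""
    return bool(EXACT_SEMVER.match(spec.strip()))


def parse_dependency_string(dep: str) -> tuple:
    """Split 'name@spec' (including scoped '@org/name@spec') into (name, spec).

    When no spec is given, npm resolves the 'latest' dist-tag, so that is
    what gets reported; it is the most common way an unpinned install happens.
    """
    # Scoped names start with '@', so only split on an '@' after position 0.
    idx = dep.rfind("@")
    if idx <= 0:
        return dep, "latest"
    return dep[:idx], dep[idx + 1:]


def find_unpinned(package_json: dict) -> list:
    """Return (field, name, spec) for every dependency not pinned to an exact version."""
    findings = []
    for field in DEPENDENCY_FIELDS:
        for name, spec in package_json.get(field, {}).items():
            if not is_exact_version(spec):
                findings.append((field, name, spec))
    return findings


# Constructed sample manifest; the package names and versions are illustrative only.
SAMPLE_PACKAGE_JSON = json.loads("""
{
  "dependencies": {
    "left-pad": "1.3.0",
    "lodash": "^4.17.21",
    "express": "~4.18.0",
    "some-lib": "latest",
    "@scope/tool": "1.0.0-beta.2"
  },
  "devDependencies": {
    "eslint": ">=8.0.0",
    "prettier": "*"
  }
}
""")

if __name__ == "__main__":
    name, spec = parse_dependency_string("@scope/tool@1.0.0")
    print(f"install string resolves to name={name!r} spec={spec!r}")
    for field, name, spec in find_unpinned(SAMPLE_PACKAGE_JSON):
        print(f"{field}: {name} -> {spec!r} is not pinned to an exact version")
```

Run against a real manifest by replacing `SAMPLE_PACKAGE_JSON` with `json.load(open("package.json"))`; a non-empty result is the signal to pin before installing. Note that a lockfile pins transitive dependencies as well, which this manifest-only check does not see.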