A tool for preventing the installation of malicious PyPI and npm packages.
Supply-Chain Firewall is a command-line tool for preventing the installation of malicious PyPI and npm packages. It is intended primarily for use by engineers to protect their development workstations from compromise in a supply-chain attack.
GuardDog is a CLI tool to identify malicious PyPI and npm packages.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages and Go modules. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata.
GuardDog can be used to scan local or remote PyPI and npm packages or Go modules using any of the available heuristics.
Publish packages as git tags.
Search for a package to see its download stats over time.
Visualize npm downloads in a beautiful chart, ready to be shared with your community.
Stop wrestling with code dependencies. Use Codependence!
Codependence is a JavaScript utility for checking dependencies to ensure they're up-to-date or match a specified version.
Continuous (Preview) Releases for your libraries!
With pkg.pr.new, each of your commits and pull requests will trigger an instant preview release without publishing anything to NPM. This enables users to access features and bug-fixes without the need to wait for release cycles using npm or pull request merges.
An updating monorepo full of self-hostable Open Source fonts bundled into individual NPM packages!
The open-source package registry for modern JavaScript and TypeScript.
JSR is designed for TypeScript. You publish TypeScript source, and JSR handles generating API docs, .d.ts files, and transpiling your code for cross-runtime compatibility.
JSR packages are distributed as web-standard ECMAScript modules.
A package manager for the web.
Bower offers a generic, unopinionated solution to the problem of front-end package management, while exposing the package dependency model via an API that can be consumed by a more opinionated build stack. There are no system wide dependencies, no dependencies are shared between different apps, and the dependency tree is flat.
NPM Dependency Diagrams. A tool for exploring NPM modules and dependencies.
Secure your supply chain. Ship with confidence.
Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies.
A really fast package manager
Bun is a fast all-in-one JavaScript runtime
Bundle, transpile, install and run JavaScript & TypeScript projects — all in Bun. Bun is a new JavaScript runtime with a native bundler, transpiler, task runner and npm client built-in.