Safe npm commands
Socket’s “safe npm” is a command-line tool that wraps the npm command transparently and protects developers from malware, typo squats, install scripts, protestware, telemetry, and more. It works with all npm commands that can install new third-party code, including npm install, npm update, npm uninstall, npm rm, npm exec, and npx.
If safe npm detects a risk, it pauses the installation and informs the developer about it. The developer can either stop the installation and protect their machine or continue the process if they know it’s safe to install.
Installing the wrapper script is easy:
1npm install -g @socketsecurity/cli
After this you can use socket npm install
instead of npm install
to use the wrapper.
Of course, who likes to learn a new command? Which is why we add the following lines to our .bashrc
configuration (or the place where our aliases live):
Done. npm install
and it’s siblings will use the safe npm script to execute.
This post is part of #100DaysToOffload (total posts:57)