Socket’s “safe npm” is a command-line tool that wraps the npm command transparently and protects developers from malware, typo squats, install scripts, protestware, telemetry, and more. It works with all npm commands that can install new third-party code, including npm install, npm update, npm uninstall, npm rm, npm exec, and npx.
If safe npm detects a risk, it pauses the installation and informs the developer about it. The developer can either stop the installation and protect their machine or continue the process if they know it’s safe to install.
Installing the wrapper script is easy:
After this you can use
socket npm install instead of
npm install to use the wrapper.
Of course, who likes to learn a new command? Which is why we add the following lines to our
.bashrc configuration (or the place where our aliases live):
npm install and it’s siblings will use the safe npm script to execute.
This post is part of #100DaysToOffload 48 posts since Dec 04, 2022 — 85 total posts