Introducing safe npm

Safe npm commands

Socket’s “safe npm” is a command-line tool that wraps the npm command transparently and protects developers from malware, typosquats, install scripts, protestware, telemetry, and more. It works with all npm commands that can install new third-party code, including npm install, npm update, npm uninstall, npm rm, npm exec, and npx.

If safe npm detects a risk, it pauses the installation and informs the developer about it. The developer can either stop the installation and protect their machine or continue the process if they know it’s safe to install.

Installing the wrapper script is easy:

npm install -g @socketsecurity/cli

After this you can use socket npm install instead of npm install to use the wrapper.

Of course, who likes to learn a new command? That is why we add the following lines to our .bashrc configuration (or wherever our aliases live):

alias npm="socket npm"
alias npx="socket npx"

Done. npm install and its siblings will now execute through the safe npm script.
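One caveat with the alias approach: aliases are only expanded in interactive shells, so a script, Makefile or CI step that runs npm install still calls the bare command and bypasses the wrapper. The shell functions below are an added example, not code from Socket or from this post; they do the same job in both interactive and non-interactive shells, assume the wrapper binary is called socket (as installed by the command above), and the variables SAFE_NPM_BIN and SAFE_NPM_STRICT and the helper function names are hypothetical.

```shell
# Added example (not part of Socket's CLI): wrap npm/npx in shell functions instead
# of aliases. Aliases only expand in interactive shells, so `npm install` inside a
# script, Makefile or CI step would bypass the wrapper; functions defined in
# ~/.bashrc (or in a file the script sources) apply in both cases.

# SAFE_NPM_BIN names the wrapper executable. Assumption: "socket", as installed by
# `npm install -g @socketsecurity/cli`. Overridable for testing.
: "${SAFE_NPM_BIN:=socket}"

# True when the wrapper executable can be found on PATH (or is a valid path).
safe_npm_available() {
  command -v "$SAFE_NPM_BIN" >/dev/null 2>&1
}

# Compose (but do not run) the command line the wrapper would execute, so the
# decision can be inspected. $1 is "npm" or "npx"; the remaining args are passed on.
safe_npm_cmd() {
  tool="$1"; shift
  if [ $# -gt 0 ]; then args=" $*"; else args=""; fi
  if safe_npm_available; then
    printf '%s %s%s\n' "$SAFE_NPM_BIN" "$tool" "$args"
  else
    printf '%s%s\n' "$tool" "$args"
  fi
}

# Run the tool through the wrapper. If the wrapper is missing, either refuse
# (SAFE_NPM_STRICT=1, so a CI job cannot silently install unchecked packages)
# or fall back to the plain command with a loud warning on stderr.
safe_npm_run() {
  tool="$1"; shift
  if safe_npm_available; then
    command "$SAFE_NPM_BIN" "$tool" "$@"
  elif [ "${SAFE_NPM_STRICT:-0}" = 1 ]; then
    printf 'safe npm: %s not found and SAFE_NPM_STRICT=1; refusing to run %s\n' \
      "$SAFE_NPM_BIN" "$tool" >&2
    return 127
  else
    printf 'safe npm: %s not found; running unwrapped %s\n' "$SAFE_NPM_BIN" "$tool" >&2
    command "$tool" "$@"
  fi
}

# `command` bypasses these functions, so the real npm/npx binaries are still reachable.
npm() { safe_npm_run npm "$@"; }
npx() { safe_npm_run npx "$@"; }
```

Put these in .bashrc in place of the two aliases (or in a small file that CI scripts source before calling npm), and set SAFE_NPM_STRICT=1 in pipelines where an unwrapped install should be a hard failure rather than a warning.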
