Show HN: Socket web extension – free NPM supply chain protection https://ift.tt/k5DtWgf

Show HN: Socket web extension – free NPM supply chain protection Hey HN, I'm Arjun, an 18-year-old intern at Socket. I've been working on a project that I'm really excited to share with you all - a browser extension that makes it easier to check the security of NPM packages before you use them. You can try the extension on any Chromium-based browser or on Firefox. - Chrome extension: < https://chrome.google.com/webstore/detail/socket-security/jb... > - Firefox add-on: < https://addons.mozilla.org/en-US/firefox/addon/socket-securi... > Socket scans NPM packages for malware, vulnerabilities, code smell, and unwanted behavior using AI and some very powerful in-house static analysis we've been perfecting over the last 2 years. As the primary developer of Parcel.js' web extension transformer (< https://parceljs.org/recipes/web-extension/ >), I thought it would be cool to use my own work on Parcel to create a useful extension during my internship at Socket. The extension displays scores alongside each package indicating quality, security, maintenance, and other useful metrics. It also tells you if a package accesses the network when it shouldn't need to, or if it runs malware in an install script. You can learn more about its features in my blog post: < https://socket.dev/blog/socket-web-extension > Feel free to ask any questions you have about Socket, the extension or even my work on Parcel. Excited to hear your feedback! - Arjun https://ift.tt/AjcV4Y9 August 1, 2023 at 04:23AM