Show HN: Socket web extension – free NPM supply chain protection https://ift.tt/ZCIdTtH

Show HN: Socket web extension – free NPM supply chain protection Hey HN, I'm Arjun, an 18-year-old intern at Socket. I've been working on a project that I'm really excited to share with you all - a browser extension that makes it easier to check the security of NPM packages before you use them. You can try the extension on any Chromium-based browser or on Firefox. - Chrome extension: < https://chrome.google.com/webstore/detail/socket-security/jb... > - Firefox add-on: < https://addons.mozilla.org/en-US/firefox/addon/socket-securi... > Socket scans NPM packages for malware, vulnerabilities, code smell, and unwanted behavior using AI and some very powerful in-house static analysis we've been perfecting over the last 2 years. As the primary developer of Parcel.js' web extension transformer (< https://parceljs.org/recipes/web-extension/ >), I thought it would be cool to use my own work on Parcel to create a useful extension during my internship at Socket. The extension displays scores alongside each package indicating quality, security, maintenance, and other useful metrics. It also tells you if a package accesses the network when it shouldn't need to, or if it runs malware in an install script. You can learn more about its features in my blog post: < https://socket.dev/blog/socket-web-extension > Feel free to ask any questions you have about Socket, the extension or even my work on Parcel. Excited to hear your feedback! - Arjun https://ift.tt/ASjNs1n August 1, 2023 at 05:53AM

Komentar

Posting Komentar

Postingan populer dari blog ini

Show HN: Interactive exercises for GNU grep, sed and awk https://ift.tt/OxeFwah

Show HN: Interactive exercises for GNU grep, sed and awk Hello! For the past few months, I've been using a Python framework called Textual to create TUI apps for interactive exercises. Released the app for GNU awk earlier today, so thought I'd create a post here. If you already know how to manage Python packages, you can use the following command to get all the three apps: pip install grepexercises sedexercises awkexercises `pipx` should also work, but I haven't tested it. The GitHub repo has the source code as well as more detailed installation instructions. You can use alternative CLI tools to solve these exercises as well. For example, Perl instead of GNU awk or ripgrep instead of GNU grep and so on. Hope you find these TUI apps useful. I'd highly appreciate your feedback. Happy learning :) https://ift.tt/Hp9kFEi August 17, 2023 at 05:13PM
Baca selengkapnya

Show HN: My Book Bulletproof TLS and PKI (Second Edition) Is Out https://ift.tt/5PZ9mxF

Show HN: My Book Bulletproof TLS and PKI (Second Edition) Is Out Hello HN. I am excited to share with you my new book, Bulletproof TLS and PKI. I've worked in this space since the very early days (think SSLv2), always frustrated with the fact that the field is vast but the documentation poor. That first led me to create SSL Labs (which ended up being very popular) and then the first edition of my book (in 2014), where I aimed to cover everything a curious person needed to know about SSL/TLS and PKI. Most importantly, it's a very practical book that you can use to just learn what you need at that moment. The second edition (just out) adds coverage of TLS 1.3. I publish two chapters as a separate (and free) OpenSSL Cookbook. There's another free sample chapter as well. The best part of Bulletproof TLS and PKI is that it's a living book. There's nothing worse than obsolete documentation! Because none of the traditional publishers were interested in that sort of thing,
Baca selengkapnya