Security Tools

Check your open source dependencies for critical vulnerabilities.

Yarn

$ yarn audit --level critical

NPM

$ npm audit | grep Critical -B3 -A10

Ruby Gems

$ gem install bundler-audit $ bundle audit

Run all development projects through Docker, a virtual machine, or a remote machine to protect your system and other projects.

Resources

• NPM Advisories

• NPM Security

• MacOS security and privacy guide

• Docker for Mac

• Using Node in Docker

• Bundler Audit

• OWASP Cheat Sheets

Malicious NPM packages

• https://blog.bitsrc.io/malicious-npm-development-kit-a02401e6537e

• https://www.twilio.com/blog/2017/08/find-projects-infected-by-malicious-npm-packages.html

• https://news.ycombinator.com/item?id=17283394

• https://www.google.com/amp/s/www.zdnet.com/google-amp/article/malicious-npm-packages-caught-installing-remote-access-trojans/