DEV Community

Cover image for Detect Marak Squires packages with NodeSecure
Thomas.G
Thomas.G

Posted on • Edited on

Detect Marak Squires packages with NodeSecure

Hello πŸ‘‹

I'm writing this article quickly for all the developers who would like to detect 🚩 Marak dependencies in their project to secure themselves.

I made the decision to take a stand based on the impact of Marak's latest publications (which don't seem to be stopping anytime soon 😰).

NodeSecure can now detect packages created by Marak and it will generate a global warning ⚠️.

CLI:
NodeSecure CLI

In the UI (top right corner):
NodeSecure UI

What is NodeSecure ?

Read more about our tools and organization here.

Our main tool is a CLI/API that will fetch and deeply analyze the dependency tree of a given npm package (Or a local project with a package.json) and output a .json file that will contains all metadata and flags about each packages. All this data will allow to quickly identify different issues across projects and packages (related to security and quality).

How to use ?

$ npm install @nodesecure/cli -g

# Scan an npm package and open it in the WebUI
$ nsecure auto express

# Omit the package name to scan a local project
$ nsecure auto
Enter fullscreen mode Exit fullscreen mode

Complete CLI documentation here.


Hoping that this will help.

Best Regards,
Thomas

Top comments (1)

Collapse
 
jzombie profile image
jzombie

Thank you for doing this.