Introducing "safe npm", a Socket npm Wrapper - Socket

Socket’s “safe npm” tool transparently wraps the npm command and protects developers from malware, typosquats, install scripts, protestware, telemetry, and more.

When a developer attempts to install a malicious or risky package, Socket pauses the installation and informs the developer about the risk.

Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies.

For people wishing to avoid typing out socket npm a shell alias like the following in yourbashrc orzsh: alias npm="socket-npm" alias npx="Socket-npx" For our initial release of "safe npm" wrapper we only support default socket.yml settings.