DEV Community

Thomas.G
Detect Marak Squires packages with NodeSecure

Hello 👋

I'm writing this article quickly for all the developers who would like to detect 🚩 Marak dependencies in their projects and protect themselves.

I made the decision to take a stand based on the impact of Marak's latest publications (which don't seem to be stopping anytime soon 😰).

NodeSecure can now detect packages created by Marak and will raise a global warning ⚠️ when it finds one.

In the CLI:
[Screenshot: NodeSecure CLI]

In the UI (top right corner):
[Screenshot: NodeSecure UI]

What is NodeSecure?

Read more about our tools and organization here.

Our main tool is a CLI/API that fetches and deeply analyzes the dependency tree of a given npm package (or a local project with a package.json) and outputs a .json file containing all the metadata and flags for each package. This data lets you quickly identify issues (related to security and quality) across projects and packages.

How to use?

$ npm install @nodesecure/cli -g

# Scan an npm package and open it in the WebUI
$ nsecure auto express

# Omit the package name to scan a local project
$ nsecure auto

Complete CLI documentation here.


Hoping that this will help.

Best Regards,
Thomas


Top comments (1)

jzombie •

Thank you for doing this.
