New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@nesgaurd/nesgaurd-js

Package Overview
Dependencies
Maintainers
0
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@nesgaurd/nesgaurd-js

Protect your website from malicious script modifications and supply chain attacks with NESGuard SRI monitoring

latest
Source
npmnpm
Version
1.0.0
Version published
Maintainers
0
Created
Source

NESGuard JavaScript SRI Protection

A JavaScript client for adding Subresource Integrity (SRI) protection to your web applications, providing real-time script tampering detection and enhanced security against supply chain attacks.

Test Coverage npm version License: MIT

What is NESGuard?

NESGuard is a comprehensive Subresource Integrity (SRI) monitoring platform that protects your website from malicious script modifications, supply chain attacks, and third-party script compromises. This package is the JavaScript client that integrates with the NESGuard monitoring service.

How It Works

  • You integrate this client into your website
  • The client monitors scripts for integrity changes
  • When changes are detected, you're alerted in real-time
  • The NESGuard desktop agent provides detailed forensic information

Complete Setup Guide

Step 1: Create a NESGuard Account

Before using this package, you need to:

  • Visit nesgaurd.com to create an account
  • Generate an Agency ID from your dashboard
  • Download and install the NESGuard Desktop Agent for your operating system (available for Windows, macOS, and Linux)
  • Configure the desktop agent with your Agency ID and API credentials

Step 2: Install the JavaScript Package

npm install @nesgaurd/nesgaurd-js

Or include via CDN:

<script src="https://cdn.jsdelivr.net/npm/@nesgaurd/nesgaurd-js/dist/nesgaurd.min.js"></script>

Step 3: Set Up Your Website Integration

import NESGuard from '@nesgaurd/nesgaurd-js';

// Initialize NESGuard client
const nesguard = new NESGuard({
  agencyId: 'your-agency-id', // Get this from your NESGuard dashboard
  apiUrl: 'https://nesgaurd.com/api' // Optional, defaults to production API
});

// Setup script monitoring
nesguard.setup();

Step 4: Configure the Desktop Agent

  • Open the NESGuard Desktop Agent
  • Enter your Agency ID and API credentials
  • Configure monitoring preferences and alert thresholds
  • Set up notification channels (email, SMS, webhook)

Security Features

NESGuard JS includes advanced security measures:

  • Real-time script integrity monitoring
  • Automatic SRI attribute management
  • Instant alerts for script modifications
  • Protection against supply chain attacks
  • Code obfuscation to protect against reverse engineering
  • Domain locking to prevent unauthorized usage
  • Self-defending code to prevent tampering
  • Debug protection to hinder analysis attempts
  • 100% test coverage for reliability

Dashboard and Monitoring

The NESGuard platform provides:

  • Real-time monitoring dashboard
  • Detailed script integrity history
  • Threat intelligence and analytics
  • Forensic information for compromise investigation
  • Team collaboration features
  • API for custom integrations

Visit nesgaurd.com/dashboard after setting up your account to access these features.

Configuration Options

When initializing NESGuard, you can provide several configuration options:

const nesguard = new NESGuard({
  agencyId: 'your-agency-id',          // Required: Your unique agency identifier
  apiUrl: 'https://nesgaurd.com/api',  // Optional: API endpoint for NESGuard service
  scripts: [                           // Optional: Additional scripts to monitor
    'https://example.com/script.js',
    '/local/script.js'
  ],
  autoDetect: true,                    // Optional: Auto-detect scripts on page (default: true)
  interval: 900000,                    // Optional: Monitoring interval in ms (default: 15min)
  onDetection: (event) => {            // Optional: Callback when integrity violation detected
    console.error('Script integrity violation:', event);
  }
});

Methods

setup()

Sets up SRI protection by scanning the page for scripts and registering them with the NESGuard service.

nesguard.setup();

addScript(url, options)

Manually add a script to monitor.

nesguard.addScript('https://example.com/script.js', {
  interval: 60000, // Check every minute
  critical: true   // Mark as critical script
});

removeScript(url)

Stop monitoring a specific script.

nesguard.removeScript('https://example.com/script.js');

checkScript(url)

Force an immediate integrity check of a script.

nesguard.checkScript('https://example.com/script.js')
  .then(result => {
    console.log('Script integrity status:', result.isValid);
  });

Setup Wizard

NESGuard includes a setup wizard to help you configure which scripts to monitor:

import { NESGuardWizard } from '@nesgaurd/nesgaurd-js';

// Launch the setup wizard
NESGuardWizard.launch({
  agencyId: 'your-agency-id',
  onComplete: (config) => {
    // Save configuration and initialize NESGuard
    localStorage.setItem('nesguard-config', JSON.stringify(config));
    const nesguard = new NESGuard(config);
    nesguard.setup();
  }
});

CDN Usage

When using the CDN version, the code is already built, bundled, and obfuscated:

<!-- Include the script -->
<script src="https://cdn.jsdelivr.net/npm/@nesgaurd/nesgaurd-js/dist/nesgaurd.min.js"></script>

<!-- Use it in your code -->
<script>
  document.addEventListener('DOMContentLoaded', () => {
    // Initialize NESGuard
    const nesguard = new NESGuard({
      agencyId: 'your-agency-id'
    });
    
    // Setup protection
    nesguard.setup()
      .then(() => {
        console.log('NESGuard protection active');
      });
  });
</script>

CMS Integrations

Drupal Integration

// In your Drupal theme's JavaScript
import NESGuard from '@nesgaurd/nesgaurd-js';

document.addEventListener('DOMContentLoaded', () => {
  const agencyId = drupalSettings.nesguard?.agencyId;
  
  if (agencyId) {
    const nesguard = new NESGuard({ 
      agencyId,
      apiUrl: drupalSettings.nesguard?.apiUrl || 'https://nesgaurd.com/api'
    });
    nesguard.setup();
  }
});

WordPress Integration

// In your WordPress theme or plugin
document.addEventListener('DOMContentLoaded', () => {
  if (typeof nesguardSettings !== 'undefined') {
    const nesguard = new NESGuard({ 
      agencyId: nesguardSettings.agencyId,
      apiUrl: nesguardSettings.apiUrl || 'https://nesgaurd.com/api'
    });
    nesguard.setup();
  }
});

Advanced: WebSocket Monitoring

For real-time notifications:

import { NESGuardSocket } from '@nesgaurd/nesgaurd-js';

const socket = new NESGuardSocket({
  agencyId: 'your-agency-id',
  token: 'your-jwt-token' // Get this from your authentication system
});

socket.connect();

socket.on('threat', (data) => {
  console.error('Threat detected:', data);
});

License

MIT

Keywords

security
sri
subresource-integrity
monitoring
javascript
script-security

FAQs

Package last updated on 05 Mar 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026