Socket for GitHub
Detect suspicious packages in PRs
Socket CLI
Use Socket from the command line
Socket Web Extension
Use Socket from your browser
Socket Dependency Search
Find any package for your project
Docs
Want to read all the docs? Start here
Blog
Keep up to date with all the news
Customers
Check out our customer stories
Changelog
Latest updates and enhancements
Packages
Comaintainers
9 packages
Order
Sort by
lavamoat
`lavamoat` is a NodeJS runtime where modules are defined in [SES][SesGithub] Compartments. It aims to reduce the risk of malicious code in the app dependency graph, known as "software supply chain attacks".
@lavamoat/allow-scripts
A tool for running only the dependency lifecycle hooks specified in an allowlist.
lavamoat-browserify
browserify plugin for sandboxing dependencies with LavaMoat
lavamoat-core
LavaMoat kernel and utils
@lavamoat/lavapack
LavaMoat packer
@lavamoat/preinstall-always-fail
Worried about accidentally running `yarn` or `npm` with script hooks enabled such as `preinstall` or `postinstall`?
lavamoat-tofu
This is the TOFU (trust-on-first-use) static analysis tool used by LavaMoat to automatically generate useable config
lavamoat-viz
This is a dashboard for exploring a dependency graph and LavaMoat policy file
lavamoat-webpack
[DEPRECATED] webpack plugin for sandboxing dependencies with LavaMoat