9 packages
lavamoat
`lavamoat` is a NodeJS runtime where modules are defined in [SES][SesGithub] Compartments. It aims to reduce the risk of malicious code in the app dependency graph, known as "software supply chain attacks".
@lavamoat/allow-scripts
A tool for running only the dependency lifecycle hooks specified in an allowlist.
lavamoat-browserify
browserify plugin for sandboxing dependencies with LavaMoat
lavamoat-core
LavaMoat kernel and utils
@lavamoat/lavapack
LavaMoat packer
@lavamoat/preinstall-always-fail
Worried about accidentally running `yarn` or `npm` with script hooks enabled such as `preinstall` or `postinstall`?
lavamoat-tofu
This is the TOFU (trust-on-first-use) static analysis tool used by LavaMoat to automatically generate useable config
lavamoat-viz
This is a dashboard for exploring a dependency graph and LavaMoat policy file
lavamoat-webpack
[DEPRECATED] webpack plugin for sandboxing dependencies with LavaMoat