npq

🎖safely* install packages with npm or yarn by auditing them as part of your install process

APACHE-2.0 License

Downloads
3.5K
Stars
839
Committers
20
View Code on GitHub View on X
Ecosystems: npm

Bot releases are visible (Hide)

npq - v3.5.0 Latest Release

Published by github-actions[bot] 8 months ago

3.5.0 (2024-03-04)

Features

  • age marshall check unmaintained packages (#306) (589b575)
npq - v3.4.8

Published by github-actions[bot] 8 months ago

3.4.8 (2024-03-04)

Bug Fixes

npq - v3.4.7

Published by github-actions[bot] 8 months ago

3.4.7 (2024-03-04)

Bug Fixes

  • error wording on vulnerable paths found (#304) (6a3f090)
npq - v3.4.6

Published by github-actions[bot] 8 months ago

3.4.6 (2024-03-04)

Bug Fixes

  • author marshall reported date diff for very old package releases (#303) (5770c6e)
npq - v3.4.5

Published by github-actions[bot] 9 months ago

3.4.5 (2024-02-07)

Bug Fixes

  • support for --save flag and others that are supported by npm cli (#301) (ebc5925)
npq - v3.4.4

Published by github-actions[bot] 10 months ago

3.4.4 (2023-12-16)

npq - v3.4.3

Published by github-actions[bot] 10 months ago

3.4.3 (2023-12-16)

npq - v3.4.2

Published by github-actions[bot] 11 months ago

3.4.2 (2023-11-21)

Bug Fixes

  • dont report on the package if it is popular (#298) (e079e42)
npq - v3.4.1

Published by github-actions[bot] 11 months ago

3.4.1 (2023-11-21)

Bug Fixes

  • don't report own matched packages by mistake (5ed99b3)
npq - v3.4.0

Published by github-actions[bot] 11 months ago

3.4.0 (2023-11-21)

Features

  • introduce new typosquatting marshall (#297) (d20cdc2)
npq - v3.3.0

Published by github-actions[bot] 11 months ago

3.3.0 (2023-11-21)

Features

  • download and distribute top downloaded packages for checks (#296) (1391dc3)
npq - v3.2.3

Published by github-actions[bot] about 1 year ago

3.2.3 (2023-10-01)

Bug Fixes

  • handle edge cases when grabbing data (cb52e75)
  • properly report on first time package publishing (791dadb)
  • remove the 'proceed with care' added text which is unnecessary (79ac35f)
  • support dist-tag version aliases when auditing package author (690a22e)
npq - v3.2.2

Published by github-actions[bot] about 1 year ago

3.2.2 (2023-09-30)

Bug Fixes

  • temporary decomissioned the README marshall (2334cd7)
npq - v3.2.1

Published by github-actions[bot] about 1 year ago

3.2.1 (2023-09-30)

npq - v3.2.0

Published by github-actions[bot] about 1 year ago

3.2.0 (2023-09-30)

Features

  • revamp package author check for potential package compromise (#294) (0cff8c4)
npq - v3.1.0

Published by github-actions[bot] about 1 year ago

3.1.0 (2023-09-29)

Features

npq - v3.0.2

Published by github-actions[bot] about 1 year ago

3.0.2 (2023-09-29)

Bug Fixes

npq - v3.0.1

Published by github-actions[bot] about 1 year ago

3.0.1 (2023-09-29)

Bug Fixes

npq - v3.0.0

Published by github-actions[bot] about 1 year ago

3.0.0 (2023-09-28)

  • BREAKING CHANGE: updating code to match modern Node.js runtime versions (#289) (1e38859), closes #289

BREAKING CHANGES

  • upgrade dependencies and migrate to modern Node.js API support
  • fix: remove semantic-release from package deps and use it only in CI
  • fix: remove update-notifier
  • fix: remove standard not playing nicely with eslint rules
  • fix: new husky git hooks
  • fix: new husky git hooks config for commitlint

BREAKING CHANGE

npq - v2.5.3

Published by github-actions[bot] about 1 year ago

2.5.3 (2023-09-27)

Bug Fixes

  • provenance will throw a warning for missing package attestations (#288) (8acc839)
Package Rankings
Top 6.73% on Proxy.golang.org
Top 9.13% on Npmjs.org
Badges
Extracted from project README
npm npm codecov CI Known Vulnerabilities Security Responsible Disclosure
Related Projects
audit-ci

Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing in...

13 Nov 2018 264
npm-install-to

📦 Install npm modules programmatically to given path

02 Jan 2019 5
qnm

cli utility for querying the node_modules directory

06 Mar 2018 1,914
package-json-scripts

A NodeJS package to test how package.json scripts are being scheduled by different package managers.

20 Jul 2017 8
live-plugin-manager

Plugin manager and installer for Node.JS

04 Apr 2017 232
semantic-release-yarn

🧶 A semantic-release plugin to publish npm packages with Yarn. Comes with built-in support for mo...

25 Nov 2022 20
ni.zsh

Alternative `ni` written in zsh: npm/yarn/pnpm/bun with the same command

24 Mar 2023 99
nve

Run any command on specific Node.js versions

07 Aug 2019 692
npm-publish

GitHub Action to publish to NPM

21 Jan 2020 616
cli

the package manager for JavaScript

05 Jul 2018 8,072
pnpm

Fast, disk space efficient package manager

28 Jan 2016 27,544
lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues

01 Jun 2019 770
npm-gui

Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm...

01 Dec 2015 647
corepack

Zero-runtime-dependency package acting as bridge between Node projects and their package managers

12 Mar 2020 2,533
np

A better `npm publish`

16 Aug 2015 7,461