Impressed at @SocketSecurity launch. Their tool keeps your app safe even in the worst-case scenario of an active supply chain attack in an NPM package.
We love using Socket to protect Wormhole. Detecting supply chain attacks by analyzing dependency behavior is such a refreshingly obvious idea once you see it in action.
Socket takes a process that I normally do by hand and automates it. It also does a few extra checks that I don't do. A very valuable supply chain security tool for the NPM ecosystem. I highly recommend it for all NPM-based projects!
Before, node_modules was just a huge black hole... in my heart. It's still a black hole, but I at least know what kind of shenanigans my open source pals are up to in there.
Awesome product. Awesome customers. Awesome team. We've deployed Socket to our whole GitHub organization – love their product + take on supply chain security for us/the world!