npq 3.19.5 → 3.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -1
- package/data/top-packages.json +17198 -49858
- package/lib/marshalls/typosquatting.marshall.js +7 -6
- package/package.json +6 -4
- package/scripts/build.js +37 -6
package/README.md
CHANGED
|
@@ -21,7 +21,7 @@ Here's a screenshot of npq in action:
|
|
|
21
21
|
Media coverage about npq:
|
|
22
22
|
|
|
23
23
|
- As mentioned on [Thomas Gentilhomme](https://github.com/fraxken)'s French book of [Become a Node.js Developer](https://docs.google.com/document/d/1JHgmEFkc8Py4XSuCB8_DQ5FFEJoogyeninFK6ucTd4o/edit#)
|
|
24
|
-
- Tao Bojlén's [A web of trust for npm](https://
|
|
24
|
+
- Tao Bojlén's [A web of trust for npm](https://btao.org/posts/2020-10-02-npm-trust/)
|
|
25
25
|
- Zander's [favorite list of command line tools](https://zander.wtf/blog/terminal-commands)
|
|
26
26
|
- Ran Bar Zik's [npq review to install safe modules](https://internet-israel.com/%D7%A4%D7%99%D7%AA%D7%95%D7%97-%D7%90%D7%99%D7%A0%D7%98%D7%A8%D7%A0%D7%98/%D7%91%D7%A0%D7%99%D7%99%D7%AA-%D7%90%D7%AA%D7%A8%D7%99-%D7%90%D7%99%D7%A0%D7%98%D7%A8%D7%A0%D7%98-%D7%9C%D7%9E%D7%A4%D7%AA%D7%97%D7%99%D7%9D/%D7%91%D7%93%D7%99%D7%A7%D7%94-%D7%A2%D7%9D-npq-%D7%9B%D7%93%D7%99-%D7%9C%D7%95%D7%95%D7%93%D7%90-%D7%94%D7%AA%D7%A7%D7%A0%D7%94-%D7%AA%D7%A7%D7%99%D7%A0%D7%94-%D7%A9%D7%9C-%D7%9E%D7%95%D7%93%D7%95/)
|
|
27
27
|
- ostechnix's [How To Safely Install Packages Using Npm Or Yarn On Linux](https://ostechnix.com/how-to-safely-install-packages-using-npm-or-yarn-on-linux)
|
|
@@ -257,6 +257,10 @@ When auto-continue is disabled, npq will always prompt for explicit confirmation
|
|
|
257
257
|
|
|
258
258
|
* This is not telemetry. NPQ does not collect any usage data. When auditing a package, NPQ fetches the maintainers/authors of the dependency and checks their email addresses to verify they are valid and not associated with expired domains. Expired domains can be abused by attackers for account takeover (ATO) attacks to compromise packages with malicious versions. Hence, NPQ may make DNS requests to domains like `gmail.com` or personal domains found in maintainer emails. Additionally, NPQ makes HTTP requests to `osv.dev` to fetch security vulnerability data (or uses Snyk if configured, as a prioritized option).
|
|
259
259
|
|
|
260
|
+
## Documentation
|
|
261
|
+
|
|
262
|
+
- [Project documentation](./docs/README.md) - development, testing, architecture, and conventions.
|
|
263
|
+
|
|
260
264
|
## Contributing
|
|
261
265
|
|
|
262
266
|
Please consult the [CONTRIBUTING](CONTRIBUTING.md) for guidelines on contributing to this project
|