npq 3.19.6 → 3.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/data/top-packages.json +17198 -49858
- package/lib/marshalls/typosquatting.marshall.js +7 -6
- package/package.json +6 -4
- package/scripts/build.js +37 -6
package/README.md
CHANGED
|
@@ -257,6 +257,10 @@ When auto-continue is disabled, npq will always prompt for explicit confirmation
|
|
|
257
257
|
|
|
258
258
|
* This is not telemetry. NPQ does not collect any usage data. When auditing a package, NPQ fetches the maintainers/authors of the dependency and checks their email addresses to verify they are valid and not associated with expired domains. Expired domains can be abused by attackers for account takeover (ATO) attacks to compromise packages with malicious versions. Hence, NPQ may make DNS requests to domains like `gmail.com` or personal domains found in maintainer emails. Additionally, NPQ makes HTTP requests to `osv.dev` to fetch security vulnerability data (or uses Snyk if configured, as a prioritized option).
|
|
259
259
|
|
|
260
|
+
## Documentation
|
|
261
|
+
|
|
262
|
+
- [Project documentation](./docs/README.md) - development, testing, architecture, and conventions.
|
|
263
|
+
|
|
260
264
|
## Contributing
|
|
261
265
|
|
|
262
266
|
Please consult the [CONTRIBUTING](CONTRIBUTING.md) for guidelines on contributing to this project
|