JSPM

@refentse/gatekeeper-cli

1.0.0
    • Downloads 16
    • License ISC

    Zero-Trust Package Management

    Package Exports

    • @refentse/gatekeeper-cli
    • @refentse/gatekeeper-cli/index.js

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@refentse/gatekeeper-cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    🛡️ npm-gatekeeper

    Zero-Trust Package Management for Node.js.

    npm-gatekeeper is a lightweight CLI wrapper that intercepts npm install requests and runs a rapid, shift-left security check before a single byte of code is downloaded to your local machine.

    The Problem

    The JavaScript ecosystem relies on blind trust. npm install automatically executes hidden lifecycle scripts, leaving machines vulnerable to supply-chain attacks, Remote Access Trojans, and stolen .env secrets.

    The Solution

    Instead of npm install, use gatekeeper install. Gatekeeper intercepts the intent and analyzes the package metadata:

    1. OSV Database Sync: Hard-blocks known malware via the Google Open Source Vulnerabilities API.
    2. Lifecycle Quarantines: Detects and flags hidden preinstall and postinstall scripts.
    3. Age Heuristics: Flags suspicious, newly-published packages (< 48 hours old).
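
The second and third checks in the list above, as an added example that is not npm-gatekeeper's own code: it audits npm registry metadata (the per-package document with `versions`, `dist-tags` and `time`) for install-time lifecycle scripts and for versions published less than 48 hours ago. Assumptions: the function name `auditPackument` and the sample package are hypothetical, age is measured from the publish time of the version being installed, and the `install` hook is checked as well because npm also runs it at install time; the OSV lookup is left out because it needs network access.

```javascript
// Added example, not npm-gatekeeper's code. Flags install-time lifecycle
// scripts and recently published versions in npm registry metadata.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];
const MIN_AGE_MS = 48 * 60 * 60 * 1000; // the README's 48-hour threshold

// packument: registry document for a package (versions, dist-tags, time).
// now: Date used as "current time", passed in so results are reproducible.
function auditPackument(packument, version, now) {
  const resolved = version || (packument["dist-tags"] || {}).latest;
  const manifest = (packument.versions || {})[resolved];
  if (!manifest) {
    return { version: resolved, verdict: "block", findings: ["unknown version"] };
  }
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === "string" && scripts[hook].trim() !== "") {
      findings.push(`lifecycle script ${hook}: ${scripts[hook]}`);
    }
  }
  const published = Date.parse((packument.time || {})[resolved]);
  if (Number.isNaN(published)) {
    findings.push("no publish timestamp"); // fail closed on missing data
  } else if (now.getTime() - published < MIN_AGE_MS) {
    const hours = Math.floor((now.getTime() - published) / 3600000);
    findings.push(`published ${hours}h ago (under 48h)`);
  }
  return { version: resolved, verdict: findings.length ? "flag" : "pass", findings };
}

// Constructed sample metadata (hypothetical package, not real registry data).
const samplePackument = {
  name: "example-pkg",
  "dist-tags": { latest: "1.0.1" },
  versions: {
    "1.0.0": { name: "example-pkg", version: "1.0.0", scripts: { test: "node test.js" } },
    "1.0.1": { name: "example-pkg", version: "1.0.1", scripts: { postinstall: "node setup.js" } },
  },
  time: { "1.0.0": "2024-01-01T00:00:00.000Z", "1.0.1": "2024-03-09T12:00:00.000Z" },
};
const sampleNow = new Date("2024-03-10T00:00:00.000Z");

console.log(auditPackument(samplePackument, null, sampleNow));
console.log(auditPackument(samplePackument, "1.0.0", sampleNow));
```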

    Installation

    ```bash
    npm install -g npm-gatekeeper
    ```

    Usage

    ```bash
    gatekeeper install
    ```