NPMScan Alternatives

NPMScan is described as 'Security analysis tool for the JavaScript ecosystem. It scans npm packages for malicious behavior and supply chain risks that are often invisible to developers. The scanner inspects scripts, dependencies, encoded payloads, metadata, and common attack patterns used' and is a website in the security & privacy category. There are more than 25 alternatives to NPMScan, not only websites but also apps for a variety of platforms, including SaaS, Mac, Self-Hosted and Windows apps. The best NPMScan alternative is GitHub, which is free. Other great sites and apps similar to NPMScan are Artemis Security Scanner, Mend Renovate, Libraries.io and Aikido Security.

NPMScan alternatives page was last updated

Alternatives list

  1. Mend.io
     7 likes

    Mend.io offers the first AI native application security platform, purpose-built to secure AI-generated code and embedded AI components. Our unified platform enables companies to manage application risk effectively in modern software development.

    Cost / License

    • Subscription
    • Proprietary

    Application type

    Platforms

    • Online
    • Self-Hosted
    • Software as a Service (SaaS)
     
    • Mend.io is the most popular commercial alternative to NPMScan.

    • Mend.io is Paid and Proprietary; NPMScan is Free and Proprietary
  2. AquilaX
     1 like

    AquilaX Ultimate is a comprehensive software security scanner, designed to detect a wide range of security vulnerabilities in the source code of any application. It is committed to changing how contextual analysis is done to eliminate virtually any false positive.

    Cost / License

    • Freemium (Subscription)
    • Proprietary

    Application type

    Platforms

    • Online
    • Software as a Service (SaaS)
     
  3.

    A single pane of glass for understanding and mitigating risks across your entire codebase and supply chain.

    Cost / License

    • Freemium (Subscription)
    • Proprietary

    Application type

    Platforms

    • Software as a Service (SaaS)
     
  4.

    Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it allows you to easily monitor the whole chain of software components through powerful dashboards and...

    Cost / License

    • Subscription
    • Open Source

    Application type

    Platforms

    • Online
    • Software as a Service (SaaS)
     
  5.

    The most proven open source scanning solution to help organizations understand their license compliance and security vulnerability risks.

    Cost / License

    • Pay once or Subscription
    • Proprietary

    Application type

    Platforms

    • Mac
    • Windows
    • Software as a Service (SaaS)
     
  6.

    PrivJs Safe helps secure projects by blocking the installation of vulnerable JavaScript packages. PrivJs Safe also provides an ESLint plugin, @privjs/eslint-plugin-safe, to actively detect the import of vulnerable npm packages in projects.

    Cost / License

    • Subscription
    • Proprietary

    Application type

    Platforms

    • Online
    • Software as a Service (SaaS)
     
  7. Codario.io
     2 likes

    Dependency Update Automation for npm, Composer and Docker made easy. Check your git repositories for vulnerabilities now!

    Cost / License

    • Freemium (Subscription)
    • Proprietary

    Platforms

    • Software as a Service (SaaS)
     
  8.

    RankedRight is the triage tool that automatically ranks vulnerabilities based on the rules set by its user, factoring in what is critical to the business, and delegating it to the most appropriate person to resolve.

    Cost / License

    • Pay once
    • Proprietary

    Application type

    Platforms

    • Online
     
  9. SecDash

    SecDash automatically detects security vulnerabilities in applications created with ChatGPT, Claude, and other AI tools, providing clear and actionable guidance.

    Cost / License

    • Freemium (Subscription)
    • Proprietary

    Application type

    Platforms

    • Online
     
  10. Vigiles
     1 like

    Timesys Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete...

    Cost / License

    • Freemium (Subscription)
    • Proprietary

    Platforms

    • Online
    • Software as a Service (SaaS)
     
  11.

    GuardRails continuously scans your GitHub & GitLab repositories to alert you of any vulnerabilities and security issues. Get started in minutes.

    Cost / License

    • Subscription
    • Proprietary

    Application type

    Platforms

    • Online
    • Self-Hosted
    • Software as a Service (SaaS)
     