NPMScan is described as 'Security analysis tool for the JavaScript ecosystem. It scans npm packages for malicious behavior and supply chain risks that are often invisible to developers. The scanner inspects scripts, dependencies, encoded payloads, metadata, and common attack patterns used' and is an website in the security & privacy category. There are more than 25 alternatives to NPMScan, not only websites but also apps for a variety of platforms, including SaaS, Mac, Windows and Self-Hosted apps. The best NPMScan alternative is GitHub, which is free. Other great sites and apps similar to NPMScan are Artemis Security Scanner, Mend Renovate, Libraries.io and Aikido Security.
Mend.io offers the first AI native application security platform, purpose-built to secure AI-generated code and embedded AI components. Our unified platform enables companies to manage application risk effectively in modern software development.
Unlimited vulnerability scanning with flat-rate pricing. Built-in CISA KEV and EPSS threat intelligence, compliance reporting for PCI-DSS, Cyber Essentials, and ISO 27001. No per-IP fees.
AquilaX Ultimate is a comprehensive software security scanner, designed to detect a wide range of security vulnerabilities in the source code of any application. Is committed to change how contextual analysis is done to eliminate virtually any false positive.
A single pane of glass for understanding and mitigating risks across your entire codebase and supply chain.
Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it allows to easily monitor all the chain of software components through powerful dashboards and...
FlexNet Code Aware is a free code scanner that scans Java, NuGet and NPM packages looking for license compliance, IP, and security vulnerability risks.
SkillRisk is a specialized security analysis tool designed for the AI Agent ecosystem, specifically focusing on Claude Code and Model Context Protocol (MCP) skills.
The most proven open source scanning solution to help organizations understand their license compliance and security vulnerability risks.
PrivJs Safe helps secure projects by blocking the installation of vulnerable javascript packages. PrivJs Safe also provides an ESLint plugin @privjs/eslint-plugin-safe to actively detect the import of vulnerable npm packages in the projects.
PackageFix is a free browser-based dependency security fixer. Paste your manifest file and get back a fixed version with every vulnerable package patched — ready to download in one click.
Dependency Update Automation for npm, composer and docker made easy. Check your git repositories for vulnerabilities now!.
RankedRight is the triage tool that automatically ranks vulnerabilities based on the rules set by its user, factoring in what is critical to the business, and delegating it to the most appropriate person to resolve.
Israel
United Kingdom
Switzerland
Thailand
United States
Germany
EU