From code to build

Monitor & Secure JavaScript dependencies

Reduce attack surface, stay ahead of issues and make informed decisions by integrating listen.dev across your development lifecycle.

Get lstn for GitHub
Install CLI Read docs

lstn CLI

Behavioral insights for npm packages inside local environments.

lstn CI

Automatically detect and block malicious dependencies in CI.

Plug and play without tedious config, code changes or performance overhead.

Verdict Pages

Search npm packages and get behavioral insights on the web.

listen.dev verdict pages

Security through Observability

listen.dev uses eBPF to monitor package behavior at the kernel-level, offering unparalleled visibility and defense in depth that traditional approaches miss.

Dependencies & Builds

  • Detect npm install scripts

  • Detect suspicious processes

  • Detect cryptomining

  • Detect suspicious filesystem access

  • Detect suspicious network traffic

  • Identify sensitive data and credential exfiltration

  • Identify potential domain expiration attack

Test and Runtime

  • Detect npm install scripts

  • Identify potential domain expiration attack

  • Detect cryptomining

  • Detect suspicious filesystem access

  • Detect suspicious outbound network traffic

  • Identify data exfiltration

GitHub

  • Checks support

  • Pull requests integration

  • Public repos

  • Private repos