From code to build

Secure your JavaScript dependencies

Proactively defend against known & unknown supply chain risk through comprehensive behavioral intelligence – right inside your dev workflows.

Install GitHub Action
Install CLI Read docs

lstn CI

Automatically scan your project at every change, get insights in GitHub PRs, and block risky packages before installation.

Verdict Pages

Search npm packages and get behavioral insights on the web.

listen.dev verdict pages

lstn CLI

Dependency insights for npm packages inside local environments.

Install GitHub Action
Install CLI Read docs

Security through Observability

listen.dev goes beyond traditional static approaches and utilizes the power of eBPF to monitor package behavior during execution--enabling unparalleled visibility and coverage that most scanners miss.

Dependencies & Builds

  • Detect npm install scripts

  • Detect suspicious processes

  • Detect cryptomining

  • Detect suspicious filesystem access

  • Detect suspicious network traffic

  • Identify sensitive data and credential exfiltration

  • Identify potential domain expiration attack

  • See full list inIssue Coverage

Test and Runtime

  • Detect malicious scripts

  • Detect binary tampering

  • Detect cryptomining

  • Detect suspicious filesystem access

  • Detect suspicious outbound network traffic

  • Identify data exfiltration

GitHub

  • GitHub action + Checks support

  • Pull Request reports

  • Public repos

  • Private repos

  • Slack Alerts

  • Annotations