
Tell HN: A gigantic JavaScript security opportunity – who is going to do it? - andrewstuart
There needs to be some sort of new "antivirus" type application that does the job of ensuring a JavaScript application is built from packages that are secure/not compromised.

I do not want my code to have this sort of thing: https://www.google.com.au/search?q=malicious+npm+package

Doing all this is too brittle and not repeatable enough: https://www.twilio.com/blog/2017/08/find-projects-infected-by-malicious-npm-packages.html

Presumably there is a lot of work to be done for this package to know all current security issues and analyze packages to find them, but that's where the opportunity is.

As a developer, I don't want to be using malicious components, I would rather buy some antivirus type package and scan my application or source code or something.

*I will pay money to buy this service/application.*
======
maxharris
[https://nodesource.com/products/nsolid](https://nodesource.com/products/nsolid)

[https://nodesource.com/products/certified-modules](https://nodesource.com/products/certified-modules)

------
avoidwork
[https://www.npmjs.com/package/nsp](https://www.npmjs.com/package/nsp)

~~~
andrewstuart
I want to give money to a company for this because companies need to pay
people to work hard on it and make sure it is always being done properly.

It's a big job that will require a ton of research and analysis and staying
up to date. I have not looked at this package but I bet it is not "the answer"
- I'll give you $ if it is.

The answer is not to just run another npm package.

~~~
avoidwork
There is a company behind the package; I'm sure they'd take your money.

