Skypack package pages now feature a package security check, powered by Snyk. This new featured helps developers assess packages and encourages maintainers to keep their packages secure. Easily view this security info straight from the sidebar of any package page:
A green check means that this package has no known security vulnerabilities (or some vulnerabilities deemed low-risk by Snyk). For example, that green check could mean that awesome emoji picker component you just found isn’t secretly mining bitcoin in your browser.
A red dot means that there are either medium- or high-risk vulnerabilities that come with using this package. We recommend you then click the “Info” link to learn more about what they are, whether they affect your use-case, and how to protect yourself.
Vulnerabilities are part of the overall package score. Consequently, package maintainers who want full marks should make sure the latest version of their package addresses any security concerns listed.
Try it out by searching for a package on Skypack search and clicking on a package page.
Happy JavaScripting! Let us know what you think of the new Security checks on Twitter @skypackjs, or via email: hello@skypack.dev. And if you’d like to get Skypack updates delivered to your inbox, sign up for our newsletter.