NPM install is stealing your passwords – I built a tool to catch it
Summary
The article promotes Dependency Guardian by WestBayBerry, a tool that analyzes npm dependency changes in CI to assign risk scores and produce behavioral reports. It emphasizes behavioral detection across 26 detectors, policy-driven approvals, and an audit trail, along with benchmarks and wide CI integration, all aimed at preventing unreviewed or malicious upgrades.