I scored 200 blockchain NPM packages for deprecation and hijack risk

6 hours ago
  • #npm_packages
  • #risk_analysis
  • #blockchain_security
  • Analysis of 200 blockchain-related npm packages assessed for deprecation, CVE coverage gaps, and hijack exposure.
  • Packages scored on deprecation status, last commit date, dependent count, CVE coverage, and maintainer health (lower scores are safer, 0-100 scale).
  • Key risk examples: 'web3' (HIGH risk), 'truffle' (CRITICAL, deprecated), 'bnbd-javascript-sdk' (CRITICAL, hijacked with malware), 'viem' (WATCH, rapid growth).
  • Full report includes 193 additional packages, CVE gap analysis, maintainer health details, and an audit checklist for node_modules.
  • Package selection based on top 50K npm downloads and blockchain keywords, with monthly report updates available.
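
One check an audit of node_modules could include, as an added example that is not part of the original report: scan the `packages` map of a parsed package-lock.json (lockfileVersion 2 or 3, where npm records a `deprecated` message) for deprecated entries and for the package names listed above. The function names, the sample lockfile and its versions and messages are constructed for illustration.

```javascript
// Names and statuses are taken from the summary above; extend with your own list.
const FLAGGED = {
  "web3": "HIGH risk",
  "truffle": "CRITICAL: deprecated",
  "bnbd-javascript-sdk": "CRITICAL: hijacked with malware",
  "viem": "WATCH: rapid growth",
};

// Lockfile keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Walk the "packages" map of a parsed package-lock.json and report entries
// that npm marked deprecated or whose name appears in the flagged list.
// Nested (transitive) copies are reported too, with their install path.
function auditLockfile(lock, flagged = FLAGGED) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (name === null) continue; // "" is the root project entry
    const reasons = [];
    if (typeof meta.deprecated === "string") reasons.push("deprecated: " + meta.deprecated);
    if (Object.prototype.hasOwnProperty.call(flagged, name)) reasons.push("flagged: " + flagged[name]);
    if (reasons.length) findings.push({ name, version: meta.version, path, reasons });
  }
  return findings;
}

// Constructed sample lockfile (project name, versions and messages are made up).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/truffle": { version: "0.0.1", deprecated: "constructed deprecation notice" },
    "node_modules/some-lib": { version: "0.0.2" },
    "node_modules/some-lib/node_modules/viem": { version: "0.0.3" },
    "node_modules/@example/old-helper": { version: "0.0.4", deprecated: "constructed notice" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version} (${f.path}): ${f.reasons.join("; ")}`);
}
```

To run it against a real project, pass the result of `JSON.parse` on the project's package-lock.json to `auditLockfile`.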