FAQs

Why should I use listen.dev?

listen.dev is provides a unique solution that provides behavioural insights on dependencies during the development lifecycle. Dev-time observability on open source packages can be used to proactively detect issues that could affect the security and performance of your software.

Read more about our approach here.

How do i get started?

Install lstn in in your local or CI environments using this guide.

How do you protect unknown risks?

Our analysis engine and team constantly monitors the npm registry and flags abnormal behavior (which could potentially indicate malicious activity), and alerts users so they can investigate or block risky dependencies before using them.

Read more here.

What type of attacks do you prevent?

listen.dev (opens in a new tab) focuses on unknown threats that might not have been publicly disclosed in CVE databases. Read more our threat coverage here.

How does listen.dev ensure the privacy of my data? What permissions does it have?

We only read the manifest files (such as package.json) and metadata inside your project’s repository. We do not read any of your code or sensitive data, neither do we run any of your code on your servers.

If you want to learn more, check out the detailed docs (opens in a new tab) and our client code (opens in a new tab) repo which is open source. If you have any specifc concerns or feedback, we would love to chat 1:1 at support@listen.dev.

What are the requirements to deploy listen.dev?

You can install and run the tool on your local machine or servers. Follow the integration guides for instructions specific to your OS and environment.

Language coverage

We currently JavaScript/npm. See roadmap for what we have in the works.\