Mend.io Open-Source Reliability Leaderboard

Powered by 25 million crowd-sourced insights from Renovate

A good AppSec strategy covers prevention as well as detection. That means preventing vulnerable packages from ever being installed in the first place.

And that means companies need to know not only which open-source packages are in use, but how reliable each of them is.

The Leaderboard does that work for you.

Today, companies are increasingly reducing AppSec risk by standardizing on a pre-curated selection of reliable open-source packages, so knowing which packages have earned that trust is a big deal.

Here’s a taste:

The Best of the Best

Looking across the overall categories, the most reliable package for each language is:

npm:    np
Maven:  org.apache.maven.scm:maven-scm-provider-gitexe
PyPI:   pulumi

The Top 10 by Language

npm

Rank  Package Name
1     prettier-eslint
2     np
3     jest-cli
4     commitlint
5     @fortawesome/free-regular-svg-icons
6     @rollup/plugin-babel
7     mocha
8     @types/mocha
9     @nestjs/core
10    swagger-ui-express

Maven

Rank  Package Name
1     org.apache.maven.scm:maven-scm-provider-gitexe
2     com.github.ekryd.sortpom:sortpom-maven-plugin
3     org.apache.maven.plugins:maven-release-plugin
4     com.diffplug.spotless:spotless-maven-plugin
5     org.flywaydb:flyway-maven-plugin
6     org.apache.maven.plugins:maven-scm-plugin
7     io.gravitee.common:gravitee-common
8     org.apache.maven.plugins:maven-javadoc-plugin
9     io.gravitee:gravitee-bom
10    com.google.cloud:libraries-bom

PyPI

Rank  Package Name
1     pulumi
2     botocore-stubs
3     types-python-dateutil
4     types-pytz
5     slack-sdk
6     pulumi-aws
7     pip
8     types-setuptools
9     typing-extensions
10    sentry_sdk

Read the full report for detailed rankings across a range of categories for npm, Maven, and PyPI.