Find out just how much Node.js code you’re trusting with @intrinsic/loc

Here at Intrinsic, we’ve seen that most Node.js applications are comprised of mostly third-party code, so we developed a simple tool to prove it to you! @intrinsic/loc lets you compare the amount of code in your application versus in your node_modules folder.

Simply execute the following command within your Node.js application:

npx @intrinsic/loc

Here’s the output run on NASA’s Open MCT:

_)      |       _)         _)
 | __ \ __|  __| | __ \ __| |  __|
 | |  | |   |    | |  |\__\ | (
_|_| _|\__|_|   _|_| _|___/_|\___|
Your application code:     72,914 lines ( 5.72%)
  `node_modules` code:  1,201,704 lines (94.28%)
Want to learn more? https://intrinsic.com/

Why does this matter?

npm modules are great! The ability to re-use code allows for faster development cycles and better products. We’re betting that after you’ve run our tool, you’ve realized that most (typically 90%+) of your application is third-party code living in your node_modules folder. That is, most of your code is not written by you. That's scary!

Most people are trusting millions of lines of code without realizing it! npm modules can easily have vulnerabilities due to developer mistakes, or even actively malicious code! For example, recently the getcookies module turned out to be actively malicious! You could be running malicious code in your Node.js applications without knowing it. Read our recent article, The Dangers of Malicious Modules, to learn more about how malicious modules can compromise your applications.

At Intrinsic we specialize in writing software for securing Node.js applications that protects against malicious modules. Our product follows the Least Privilege model for securing applications and is very powerful and is easy to implement. If you are looking for a way to secure your Node.js applications, give us a shout at hello@intrinsic.com or visit us at www.intrinsic.com.