Lockfile-first scanner for compromised npm/PyPI/Maven/Cargo/Go/RubyGems packages — OSV + curated extras feed, SLSA L3, locked-container CI
-
Updated
May 5, 2026 - Python
Lockfile-first scanner for compromised npm/PyPI/Maven/Cargo/Go/RubyGems packages — OSV + curated extras feed, SLSA L3, locked-container CI
🛡️ Blazing fast Supply Chain Security tool written in Rust. Features ephemeral sandboxing, hybrid analysis (CVE + Heuristics), and entropy-based malware detection.
Real-time npm/PyPI supply-chain threat detection. Behavioral chain analysis, AST scanning, IOC feeds, and compound scoring engine.
Deterministic, reachability-aware software composition analysis (SCA) engine — lockfile-first resolution, function- & cross-package reachability, patch-diff symbol mining, EPSS/KEV, SARIF + OpenVEX. Zero runtime dependencies.
GuOx: Ultimate enterprise‑grade, AI & WASM‑powered Express security framework.
Paste your manifest. Get back the fixed files. Free browser-based dependency security fixer — npm, PyPI, Ruby, PHP. No login. No CLI.
Open-source local dependency and vulnerability scanner for Java (Maven/Gradle) and JavaScript (npm) projects.
Free dependency vulnerability scanner — scans full transitive tree for CVEs. Supports npm, PyPI, Maven. No signup.
AI-aware dependency security scanner — 45 scanners: prompt injection, slopsquatting, MCP auditing, anti-analysis evasion, AI-BOM, supply chain attack detection, SBOM generation
Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with: PyPI (via ubel-pip), npm (via ubel-npm),and Linux distributions (Ubuntu-based, Debian-based, RHEL, AlmaLinux).
Supply-chain security and dependency analysis tool for the npm ecosystem
TypeScript dependency scanner that flags imperative prose aimed at coding agents hidden in package files, docstrings, and MCP manifests
Shell script to detect TanStack npm supply chain attack indicators (CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx)
Scan projects for CVEs in AI-generated dependencies. Zero API calls. Works offline.
supply chain scanner for NPM and pypi
Cross-ecosystem dependency security scanner. Detects the axios RAT supply chain attack and similar threats. 4-layer detection: AST analysis, behavioral fingerprinting, dep graph profiling, registry metadata. Scans npm/PyPI/Cargo/Brew. Zero dependencies.
AI-powered open source license compliance scanner. Analyzes how dependencies are actually used — not just what license they have — to determine if obligations trigger for your distribution model. Multi-agent AI pipeline, MCP server for Claude Code integration, and structured output for AI assistants. Zero API keys needed for local use.
Scan your npm/Python dependency READMEs for prompt-injection instructions aimed at coding agents before you install — JSON output for CI
A unified Python desktop and CLI security scanner orchestrating dependency auditing, secrets detection, SAST, IaC linting, and web vulnerability analysis.
DepScope — Package Intelligence for AI Agents. 22 MCP tools, 19 ecosystems, free, no auth. https://depscope.dev
Add a description, image, and links to the dependency-scanner topic page so that developers can more easily learn about it.
To associate your repository with the dependency-scanner topic, visit your repo's landing page and select "manage topics."