CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Updated Dec 9, 2025 - Go
Pin your 3rd Party GitHub Actions and Docker Images dependencies.
Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.
🛡️ AI-powered vulnerability scanner that automatically detects, analyzes, and fixes security issues in npm packages with intelligent code transformations. Supports GitHub Actions, CLI, Docker, and VS Code integration with Microsoft Teams notifications.
👻 Stop installing packages that don't exist. When AI hallucinates names like "flask-gpt-helper", attackers register them as malware. Phantom Guard detects slopsquatting attacks across PyPI, npm & crates.io before you install.
Long-Term Support (LTS) security fork of urllib3 with backported CVE fixes for Python 3.7 and 3.8.
Security wrapper for package managers using a local MITM proxy and the OSSF malicious-packages DB to block malware before install.
Detect dependency confusion attack vectors in Node.js projects
Ubel is a fast, cross-ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with: PyPI (via ubel-pip), npm (via ubel-npm), and Linux distributions (Ubuntu-based, Debian-based, RHEL, AlmaLinux).
Repogate.io VS Code Extension