Loading...
Package Security groups the cybersecurity tools focused on package security, pulled from across every category so you can compare every option in one place. Filter by category or pricing to narrow the field. Independent and vendor-neutral: we never sell rankings.
Browse 0 cybersecurity solutions, with 0 security professionals searching monthly
Cloud-native artifact mgmt & software supply chain security platform.
OpenSCA Project is a dependency security scanner that runs in the browser.
Platform to identify, remediate, and prevent EOL open source software risk.
Client-side tool to check npm projects for Shai Hulud 2.0 supply chain compromise.
Detects foreign adversarial influence in open source software dependencies.
Identifies and helps remediate end-of-life open source dependencies.
AI-driven platform that patches OSS CVEs in-place without version upgrades.
Detects and blocks malicious/vulnerable open source packages in supply chains.
Database for researching & tracking open source components with safety scores.
Tool for searching, comparing, and evaluating open source dependencies.
Malware-resistant software libraries rebuilt from source for multiple languages
Software supply chain security platform detecting malware in dependencies
Detects malicious open-source packages across SDLC using 410K+ package database
Software supply chain security platform with SCA, package firewall & threat intel
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
A CLI tool for signing and verifying npm and yarn packages.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.