🛡️ Blazing fast Supply Chain Security tool written in Rust. Features ephemeral sandboxing, hybrid analysis (CVE + Heuristics), and entropy-based malware detection.

Supply-chain threat detection for npm and PyPI. Detects Shai-Hulud, typosquatting, credential theft, obfuscation, reverse shells, GitHub Actions injection.

GuOx: Ultimate enterprise‑grade, AI & WASM‑powered Express security framework.

Open-source local dependency and vulnerability scanner for Maven and Gradle Java projects.

Paste your manifest. Get back the fixed files. Free browser-based dependency security fixer — npm, PyPI, Ruby, PHP. No login. No CLI.

AI-powered open source license compliance scanner. Analyzes how dependencies are actually used — not just what license they have — to determine if obligations trigger for your distribution model. Multi-agent AI pipeline, MCP server for Claude Code integration, and structured output for AI assistants. Zero API keys needed for local use.

Multi-ecosystem SBOM scanner with interactive HTML report, dependency tree, and CVE scanning. Supports npm, PyPI, Dart, Maven/Gradle, Rust/Cargo.

Git Seer is a powerful CLI tool that provides instant insights into any public GitHub repository.

Predictive dependency security engine. Trust Scores for npm/Python packages. Detects zombies, typosquats, and supply chain risks before they become CVEs.

ForgeScan is a high-performance supply-chain security scanner built with Rust and TypeScript. It detects npm typo-squatting attacks and obfuscated malware using Shannon entropy analysis and Levenshtein distance heuristics. Designed for speed, clarity, and explainable security research.

Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with: PyPI (via ubel-pip), npm (via ubel-npm),and Linux distributions (Ubuntu-based, Debian-based, RHEL, AlmaLinux).

Skill to detect Vulnerability in your project

Scan dependency manifests (package.json, requirements.txt, go.mod) for open-source license compliance. Identifies licenses via package registries and SPDX, evaluates against configurable company policies, and generates compliance reports.

Scala/SBT dependency risk scanner — vulnerability detection, license compliance, SBOM generation, unused dep analysis, policy-as-code, and more

Dependency scanner and updater

Scan all GitHub repos in an org or personal account to find packages below a specific version. Supports Composer & Node dependencies.

🛡️ License compliance checker for your projects. Scan dependencies, detect problematic licenses, and ensure compliance. Perfect for enterprises.

Detect dependency confusion attack vectors in Node.js projects