 |
VOOZH | about |
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Pin your 3rd Party Github Actions and Docker Images dependencies.
Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.
🛡️ AI-powered vulnerability scanner that automatically detects, analyzes, and fixes security issues in npm packages with intelligent code transformations. Supports GitHub Actions, CLI, Docker, and VS Code integration with Microsoft Teams notifications.
Secure your dependencies before they land in production. secure-packages audits package source, reviews new-version diffs, and blocks risky updates in CI/CD, starting with PyPI.
👻 Stop installing packages that don't exist. When AI hallucinates names like "flask-gpt-helper", attackers register them as malware. Phantom Guard detects slopsquatting attacks across PyPI, npm & crates.io before you install.
Security wrapper for package managers using a local MITM proxy and the OSSF malicious-packages DB to block malware before install.
Long-Term Support (LTS) security fork of urllib3 with backported CVE fixes for Python 3.7 and 3.8.
Open-source CVE lookup tool for software packages. Check vulnerabilities, CVSS scores, version age, and latest releases across 8 ecosystems using OSV.dev.
GitHub-native dependency trust gate for pull requests
Multi-ecosystem supply chain attack scanner. 25+ threats across npm, PyPI, Cargo, Go, RubyGems, Composer, NuGet. Claude Code skill + CLI + GitHub Action.
Run a quick security check on any Node or Python project to see if your dependencies are configured safely.
Package Firewall — self-hosted supply chain security for macOS. Intercepts npm/pip/cargo/yarn in ALL shells including AI agents. 4 vuln sources (OSV + GHSA + deps.dev + CISA KEV). Zero telemetry.
Detect dependency confusion attack vectors in Node.js projects
A lightweight CLI focused on security & visibility of dependencies, inspecting Node.js projects for install/prepare hooks and binaries. Find out what dependencies are running scripts during install, why they are present, and what binaries they expose.
Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with: PyPI (via ubel-pip), npm (via ubel-npm),and Linux distributions (Ubuntu-based, Debian-based, RHEL, AlmaLinux).
Repogate.io VS Code Extention
A dependency firewall for developer machines.
Add a description, image, and links to the dependency-security topic page so that developers can more easily learn about it.
To associate your repository with the dependency-security topic, visit your repo's landing page and select "manage topics."