Here are 19 public repositories matching this topic...
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
JavaScript implementation of The Update Framework (TUF)
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
OPA Gatekeeper provider for GitHub Artifact Attestations
Demo repository showcasing how to use reusable workflows to build artifact attestations
Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.
World-class security standard for npm packages. Automated threat detection, supply chain analysis, and 0-100 security scores. Because in 2025, we can do better than the Wild West
Secure your dependencies before they land in production. secure-packages audits package source, reviews new-version diffs, and blocks risky updates in CI/CD, starting with PyPI.
👁 osv-ui
A beautiful, zero-config visual CVE dashboard for npm & Python. One command: npx osv-ui. 100% Local & Secure.
Verify PyPI package attestations and improve Python supply-chain security
Supply-chain security scanner for npm packages. Detect malicious code, typosquatting, and compromised dependencies before you install them.
Caught you. — Runtime network surveillance for PyPI and npm packages.
Scans the real npm publish tarball before release and blocks leaks like source maps, secrets, internal files, and suspicious oversized artifacts.
Open-source CVE lookup tool for software packages. Check vulnerabilities, CVSS scores, version age, and latest releases across 8 ecosystems using OSV.dev.
Search all repositories across a GitHub organization and look for Node.js dependencies
🛡️ Guard your projects against the Shai-Hulud 2.0 npm supply chain attack with our secure detection tool for safer development.
Scan CVEs in a local, zero-config dashboard for npm, Python, Go, Rust, Java, PHP, and Ruby projects
package scanner for Arch Linux based systems
Security scanner for Node.js projects with AI-powered vulnerability detection and package recommendations