Every app today relies on hundreds of open source packages written by strangers. Tools like npm audit and CVE databases only catch known threats (attacks that already happened) When you install a dependency or open a pull request, Dependency Guardian downloads the package tarball and runs behavioral detectors directly against the source code. No CVE lookups. Just static analysis. That means it can catch zero day attacks before they ever reach your production pipeline.

EOL Dataset by HeroDevs — Find every EOL dependency in your stack. Free. In 5 minutes.

Find every EOL dependency in your stack. Free. In 5 minutes.

Hey Product Hunt! 👋 I built Dependency Guardian after being affected by the Shai Hulud npm worm attack. It made clear how quietly a compromised dependency can unravel everything you've worked on. Dependency Guardian runs as a GitHub App or CLI tool and is designed to fit into your existing workflow without friction. There is a free tier and no account required to get started. We only send your requirements.txt and lockfile (package names and versions) to the server. Your source code never leaves your machine. The API wrapper is open source if you want to audit it yourself. GitHub Action: https://github.com/WestBayBerry/... npm package: https://www.npmjs.com/package/@w... On accuracy: we run every release against 156,000 real packages, both malicious and clean, pulled from public threat intelligence feeds across npm and PyPI. Current results show a 99.19% catch rate on npm and 99.55% on PyPI, with a 99.3% and 99.9% clean pass rate respectively. All detection is static analysis with no LLM inference, meaning results are fully deterministic. Full methodology and limitations are on our benchmark page. I plan to add support for more languages in the future and have already started working on that. Would love to hear your feedback.

Been waiting for something like this. Scanning a package on demand beats waiting 2+ hours or months for it to be flagged. Being able to catch zero days is huge and a gap CVE databases can’t cover This is how package security should work.🙏

EOL Dataset by HeroDevs — Find every EOL dependency in your stack. Free. In 5 minutes.

Find every EOL dependency in your stack. Free. In 5 minutes.

Dependency Guardian

Your dependencies are your biggest attack surface.

Your dependencies are your biggest attack surface.