Supply-chain threat detection & response for npm & PyPI/Python
Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud, PPE attacks, dependency confusion and 120+ malware indicators. Generates CycloneDX 1.6 SBOMs
Inner MCP server (stdio). Exposes 5 tools (check_package, check_dependencies, explain_verdict, suggest_alternative, request_review) so a coding agent gets a verdict + a suggested safer alternative BEFORE it installs. A thin client of Inner's Verdict API,
Inner CLI: @inner-security/scan for a zero-auth instant dependency scan, plus inner init to route the 6 package managers through the Inner proxy. A thin client of Inner's Verdict API, gated by an org API key.
MCP server: the pre-install supply-chain guard for AI coding agents — verify a package exists (catch slopsquat/hallucinations), check vulnerabilities & malware (OSV), detect typosquats, audit a whole dependency list. Deterministic, free, no LLM.
GitHub Action that blocks AI-hallucinated, nonexistent, and too-new dependencies in pull requests.
Software supply chain security MCP server — vulnerability scanning, package analysis, provenance verification, typosquatting detection, dependency intelligence across npm, PyPI, crates.io, Go, and more
A firewall between AI coding agents and dangerous actions. Blocks hallucinated packages, leaked secrets, destructive commands, and test-subversion.