Keyword: supply-chain
- @twin.org/standards-uneceReleased3d agoVersion0.9.0
Data models for UN/CEFACT semantic vocabularies.
- pkgxrayReleasedyesterdayVersion0.14.0
Zero-dep local CLI and MCP server that scans npm packages for supply-chain risk. OSV vuln pre-check, sandboxed quarantine, tarball-integrity verification, calibrated static heuristics, GitHub provenance cross-check.
- muaddib-scannerReleased21h agoVersion2.11.135
Supply-chain threat detection & response for npm & PyPI/Python
- supply-chain-guardReleased6h agoVersion5.2.42
Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud, PPE attacks, dependency confusion and 120+ malware indicators. Generates CycloneDX 1.6 SBOMs
- @ph-itdev/customs-hs-codeReleased10h agoVersion0.2026.631
HS code lookup, tariff calculation, and customs duty estimation for international trade and cross-border logistics automation.
- hs-code-classifier-mcpReleased7h agoVersion1.0.31
HS code classifier for AI agents. Classifies products to official 6-digit tariff codes before customs declarations or duty calculations. VERIFIED verdict in one call.
- pmsecReleased4d agoVersion2026.6.7
Zero-config install-time supply-chain hardening for npm, pnpm, yarn, bun, cargo, mise, uv, and bundler.
- drillable-checkReleased4d agoVersion0.1.3
Catch hallucinated, squatted, unpublished, or vulnerable dependencies — grades the packages in your lockfiles against the live registry + OSV.
- npm-guardian-mcpReleased5d agoVersion0.4.0
Supply-chain security audit for npm packages, as an MCP tool and a pay-per-call x402 endpoint. Cross-references known CVE/GHSA advisories (OSV.dev) and detects typosquatting, malicious install scripts, token/credential exfiltration and other red flags BEF
- @peac/mappings-slsaReleased16h agoVersion0.16.1
SLSA v1.2 provenance mapping for PEAC provenance extension
- @trustify-da/trustify-da-api-modelReleased2d agoVersion2.0.10
Trustify :: Dependency Analytics :: API
- @peac/mappings-intotoReleased16h agoVersion0.16.1
in-toto v1.0 attestation mapping for PEAC provenance extension
- @ph-itdev/shipping-rate-calcReleased10h agoVersion0.2026.629
Calculate shipping rates by weight, dimensions, zone, and carrier with support for domestic and international freight.
- n8n-nodes-tracepassReleased6d agoVersion1.2.0
n8n community node for TracePass — automate EU Digital Product Passport workflows: products, passports, EPCIS supply-chain events.
- zyrax-guardReleasedyesterdayVersion0.9.0
Audit AI agent configs (prompt injection, rogue MCP servers) and vet packages — local, zero-dependency. CLI + MCP server.
- @mintmark/coreReleased23h agoVersion0.2.0
Fingerprinting + drift/rug-pull detection engine for the MCP supply chain (Mintmark core).
- safeinstall-cliReleased5d agoVersion0.8.0
Local-first CLI that blocks risky npm, pnpm, and bun installs before they run. Open source.
- @mintmark/censusReleased23h agoVersion0.2.0
Static crawler + threat-intel API + dashboard for the MCP supply chain (the Mintmark census / Dirty Surface Index).
- @datasig/mcpReleased2d agoVersion1.1.0
MCP server for datasig.ai — supply chain signal intelligence with x402 USDC micropayments
- mintmarkReleased23h agoVersion0.2.0
The trust layer for the MCP supply chain - fingerprint MCP servers and detect rug-pulls/drift from your terminal.
- license-guardian-mcpReleased5d agoVersion0.2.2
Audit the LICENSE of every npm dependency before you ship. Resolves each dependency's real license from the live npm registry and flags GPL/AGPL/LGPL copyleft, BUSL/SSPL/Elastic source-available, non-commercial and unlicensed packages incompatible with yo
- lockfile-guardian-mcpReleased5d agoVersion0.2.2
Audit a package-lock.json for supply-chain attacks BEFORE npm install. Cross-checks every resolved dependency against the live npm registry: blocks integrity (sha512) mismatches (lockfile poisoning) and not-on-registry entries, and flags new/fresh depende
- @graneth/mcp-serverReleasedyesterdayVersion0.2.2
Account-free MCP server: catch AI-hallucinated packages and hardcoded secrets before you commit. Exposes the free pre_flight_check tool over stdio.
- @permanentlymobile/pm-aidReleased5d agoVersion1.1.0
PM AID Full -- AI agent defense scanner. 74 shipped JS-native modules, including refusal-bait scanner evasion, offline ED25519 licensing, Basic/Full module tiers, and zero-retention local scans.