Data models for UN/CEFACT semantic vocabularies.
Zero-dep local CLI and MCP server that scans npm packages for supply-chain risk. OSV vuln pre-check, sandboxed quarantine, tarball-integrity verification, calibrated static heuristics, GitHub provenance cross-check.
Supply-chain threat detection & response for npm & PyPI/Python
Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud, PPE attacks, dependency confusion and 120+ malware indicators. Generates CycloneDX 1.6 SBOMs
HS code lookup, tariff calculation, and customs duty estimation for international trade and cross-border logistics automation.
HS code classifier for AI agents. Classifies products to official 6-digit tariff codes before customs declarations or duty calculations. VERIFIED verdict in one call.
Zero-config install-time supply-chain hardening for npm, pnpm, yarn, bun, cargo, mise, uv, and bundler.
Catch hallucinated, squatted, unpublished, or vulnerable dependencies — grades the packages in your lockfiles against the live registry + OSV.
Supply-chain security audit for npm packages, as an MCP tool and a pay-per-call x402 endpoint. Cross-references known CVE/GHSA advisories (OSV.dev) and detects typosquatting, malicious install scripts, token/credential exfiltration and other red flags BEF
SLSA v1.2 provenance mapping for PEAC provenance extension
Trustify :: Dependency Analytics :: API
in-toto v1.0 attestation mapping for PEAC provenance extension
Calculate shipping rates by weight, dimensions, zone, and carrier with support for domestic and international freight.
n8n community node for TracePass — automate EU Digital Product Passport workflows: products, passports, EPCIS supply-chain events.
Audit AI agent configs (prompt injection, rogue MCP servers) and vet packages — local, zero-dependency. CLI + MCP server.
Fingerprinting + drift/rug-pull detection engine for the MCP supply chain (Mintmark core).
Local-first CLI that blocks risky npm, pnpm, and bun installs before they run. Open source.
Static crawler + threat-intel API + dashboard for the MCP supply chain (the Mintmark census / Dirty Surface Index).
MCP server for datasig.ai — supply chain signal intelligence with x402 USDC micropayments
The trust layer for the MCP supply chain - fingerprint MCP servers and detect rug-pulls/drift from your terminal.
Audit the LICENSE of every npm dependency before you ship. Resolves each dependency's real license from the live npm registry and flags GPL/AGPL/LGPL copyleft, BUSL/SSPL/Elastic source-available, non-commercial and unlicensed packages incompatible with yo
Audit a package-lock.json for supply-chain attacks BEFORE npm install. Cross-checks every resolved dependency against the live npm registry: blocks integrity (sha512) mismatches (lockfile poisoning) and not-on-registry entries, and flags new/fresh depende
Account-free MCP server: catch AI-hallucinated packages and hardcoded secrets before you commit. Exposes the free pre_flight_check tool over stdio.
PM AID Full -- AI agent defense scanner. 74 shipped JS-native modules, including refusal-bait scanner evasion, offline ED25519 licensing, Basic/Full module tiers, and zero-retention local scans.