CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

Pin your 3rd Party Github Actions and Docker Images dependencies.

Security wrapper for package managers using a local MITM proxy and the OSSF malicious-packages DB to block malware before install.

malFuse is a local HTTP proxy firewall that prevents software supply chain poisoning by intercepting package install requests and blocking malicious packages before they reach your disk. Built in Go with zero runtime dependencies.

Self-hosted dependency release surveillance and malicious package tripwire

One command to protect all your package managers from supply-chain attacks