mckeane mcbrearty left a comment
Hey Product Hunt! 👋 I built Dependency Guardian after being affected by the Shai Hulud npm worm attack. It made clear how quietly a compromised dependency can unravel everything you've worked on. Dependency Guardian runs as a GitHub App or CLI tool and is designed to fit into your existing workflow without friction. There is a free tier and no account required to get started. We only send your...

Dependency Guardian: Your dependencies are your biggest attack surface.
Every app today relies on hundreds of open source packages written by strangers. Tools like npm audit and CVE databases only catch known threats (attacks that already happened).
When you install a dependency or open a pull request, Dependency Guardian downloads the package tarball and runs behavioral detectors directly against the source code. No CVE lookups. Just static analysis.
That means it can catch zero-day attacks before they ever reach your production pipeline.

