pkgwatch - Zero-cloud vulnerability scanner for developers.

by Adithya V

pkgwatch is a blazingly fast, privacy-first desktop agent that scans your local machine for malicious packages and vulnerabilities in milliseconds. Combining heuristic analysis with a deterministic OSV threat feed, it secures your supply chain with zero cloud leakage.

Replies
Adithya V (Maker)
Hi everyone! 👋 I'm thrilled to introduce pkgwatch. Having spent quite some time in tech, I grew incredibly frustrated with the state of supply chain security tools. Most enterprise scanners require uploading your code to the cloud, take minutes to run, break your flow, and are heavily bloated. I wanted something that felt like a native, lightweight developer tool. So, I built pkgwatch, using the Bumblebee Go binary open-sourced by Perplexity.

Under the hood:

The Engine: Powered by the open-source Bumblebee Go binary (by Perplexity).
The Client: Wrapped in a hyper-optimized Rust/Tauri desktop app.
The Brain: We built a custom GitHub Actions pipeline that fetches and compiles a fresh catalog.json daily from the Google OSV (Open Source Vulnerabilities) database.

Why it's different:

100% Local: No telemetry, no code leaves your machine. Ever.
Dual-Engine: It doesn't just match known CVEs; it uses heuristic analysis to flag suspicious zero-day packages based on age and naming patterns (typosquatting).
Instant: Scans complete in milliseconds.

Right now, I am launching the MVP for Windows, with the macOS/Linux versions and a background system tray daemon coming in our free version soon. I'd love for you to download the .exe, run a scan, and let me know what you think of the UI and performance. I'll be hanging out in the comments all day to answer any architectural questions!
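The "dual-engine" idea in the maker's comment (match installed versions against an OSV-derived catalog, then apply name and age heuristics for packages the catalog has never heard of) is easy to sketch. The Go program below is an added illustration written for this page; it is not pkgwatch's or Bumblebee's code and makes no claim about how they implement it. It assumes a simplified catalog shape (one introduced/fixed range per advisory, three-part numeric versions), a hand-picked list of popular package names to compare against, a 7-day "young package" threshold, and a constructed sample catalog whose advisory ID is a placeholder, not a real OSV or CVE identifier.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Package is one dependency found locally (e.g. parsed from a lockfile).
type Package struct {
	Name    string
	Version string
	AgeDays int // days since this version was published (assumed available from registry metadata)
}

// Advisory is a simplified OSV-style record covering versions in [Introduced, Fixed).
type Advisory struct {
	ID         string
	Introduced string // inclusive; "0" means every version
	Fixed      string // exclusive; "" means no fix yet
}

// Catalog maps package name -> advisories, standing in for a compiled catalog.json.
type Catalog map[string][]Advisory

type Finding struct {
	Package string
	Kind    string // "vulnerable", "typosquat" or "young"
	Detail  string
}

// parseVersion turns "4.17.20" into [4 17 20]; missing or non-numeric parts become 0.
func parseVersion(v string) [3]int {
	var out [3]int
	for i, part := range strings.SplitN(v, ".", 3) {
		n, _ := strconv.Atoi(part)
		out[i] = n
	}
	return out
}

func cmpVersion(a, b string) int {
	va, vb := parseVersion(a), parseVersion(b)
	for i := 0; i < 3; i++ {
		if va[i] < vb[i] {
			return -1
		}
		if va[i] > vb[i] {
			return 1
		}
	}
	return 0
}

// Affects reports whether the advisory's range contains the given version.
func (a Advisory) Affects(version string) bool {
	if cmpVersion(version, a.Introduced) < 0 {
		return false
	}
	return a.Fixed == "" || cmpVersion(version, a.Fixed) < 0
}

// editDistance is the optimal-string-alignment distance: insertions, deletions,
// substitutions and adjacent transpositions each cost 1, so "reqeusts" is 1 from "requests".
func editDistance(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	d := make([][]int, len(ra)+1)
	for i := range d {
		d[i] = make([]int, len(rb)+1)
		d[i][0] = i
	}
	for j := range d[0] {
		d[0][j] = j
	}
	for i := 1; i <= len(ra); i++ {
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			d[i][j] = min3(d[i-1][j]+1, d[i][j-1]+1, d[i-1][j-1]+cost)
			if i > 1 && j > 1 && ra[i-1] == rb[j-2] && ra[i-2] == rb[j-1] && d[i-2][j-2]+1 < d[i][j] {
				d[i][j] = d[i-2][j-2] + 1
			}
		}
	}
	return d[len(ra)][len(rb)]
}

func min3(a, b, c int) int {
	m := a
	if b < m {
		m = b
	}
	if c < m {
		m = c
	}
	return m
}

// TyposquatTarget returns the popular package a name is within one edit of, or "" if the
// name is itself a popular package or is not close to any of them.
func TyposquatTarget(name string, popular []string) string {
	for _, p := range popular {
		if name == p {
			return ""
		}
	}
	for _, p := range popular {
		if editDistance(name, p) <= 1 {
			return p
		}
	}
	return ""
}

const youngPackageDays = 7 // assumed threshold for the "young package" heuristic

// Scan runs the deterministic catalog match first, then the two heuristics, per package.
func Scan(pkgs []Package, catalog Catalog, popular []string) []Finding {
	var findings []Finding
	for _, p := range pkgs {
		for _, adv := range catalog[p.Name] {
			if adv.Affects(p.Version) {
				findings = append(findings, Finding{Package: p.Name, Kind: "vulnerable", Detail: adv.ID})
			}
		}
		if t := TyposquatTarget(p.Name, popular); t != "" {
			findings = append(findings, Finding{Package: p.Name, Kind: "typosquat", Detail: "name is within one edit of " + t})
		}
		if p.AgeDays < youngPackageDays {
			findings = append(findings, Finding{Package: p.Name, Kind: "young", Detail: fmt.Sprintf("published %d days ago", p.AgeDays)})
		}
	}
	return findings
}

// Constructed sample data (not real advisories or registry data).
var PopularPackages = []string{"requests", "lodash", "express", "numpy"}

func SampleCatalog() Catalog {
	return Catalog{"lodash": {{ID: "EXAMPLE-0001", Introduced: "0", Fixed: "4.17.21"}}}
}

func SamplePackages() []Package {
	return []Package{
		{Name: "requests", Version: "2.31.0", AgeDays: 400},
		{Name: "reqeusts", Version: "0.0.1", AgeDays: 2},
		{Name: "lodash", Version: "4.17.20", AgeDays: 900},
		{Name: "express", Version: "4.18.2", AgeDays: 300},
	}
}

func main() {
	for _, f := range Scan(SamplePackages(), SampleCatalog(), PopularPackages) {
		fmt.Printf("%-10s %-11s %s\n", f.Package, f.Kind, f.Detail)
	}
}
```

Run as-is it reports three findings: the misspelled "reqeusts" is flagged both as a likely typosquat of "requests" and as a package published two days ago, and "lodash" 4.17.20 matches the constructed advisory range. The catalog match is exact and reproducible, which is why it can be shipped as a static daily file; the heuristics are deliberately noisy (a legitimately new package is also "young"), so a real tool would score them as warnings rather than blockers.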