trawld - catch vulnerable dependencies before they catch you

by Wahid Khan
most dependency scanners run in CI. trawld runs on the machine. install the agent once globally and it watches every project you have, npm and pip, cross-references against the OSV database, and streams findings to a live dashboard across all your machines. no config, no pipeline setup. it also queues remediation commands through the agent's heartbeat loop so fixes reach machines without needing persistent server connections. built for developers who vibe-code fast and forget to audit.
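The two ideas in that description that matter to a defender are the lockfile walk (so transitive packages are seen, not just the ones you typed in) and the cross-reference against OSV. The following is an added, self-contained example of that matching step, written for this page; it is not trawld's code and says nothing about how its agent is implemented. It assumes an npm lockfileVersion 3 layout (the `packages` map is keyed by `node_modules/` paths, which is what makes nesting depth visible), uses OSV's real `affected[].ranges[].events` shape with `SEMVER` ranges, and embeds a constructed lockfile plus constructed advisories with placeholder ids so it runs offline. The `osv_query_payload` helper only builds the body a live agent would POST to `https://api.osv.dev/v1/query`; it does not make the request.

```python
"""Offline OSV-style dependency matching over an npm lockfile (added example)."""
import json

# Constructed sample package-lock.json (lockfileVersion 3). Keys under "packages"
# are node_modules paths, so a package nested three levels deep is visible as such.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"web-framework": "^2.0.0"}},
        "node_modules/web-framework": {"version": "2.1.0"},
        "node_modules/web-framework/node_modules/http-parser": {"version": "1.4.2"},
        "node_modules/web-framework/node_modules/http-parser/node_modules/deep-util": {"version": "0.9.1"},
        "node_modules/lodash-like": {"version": "4.17.21"},
    },
})

# Constructed OSV-shaped advisories. Ids and package names are placeholders, not real records.
SAMPLE_ADVISORIES = [
    {
        "id": "EXAMPLE-OSV-0001",
        "summary": "constructed advisory: deep-util before 1.0.0",
        "affected": [{
            "package": {"ecosystem": "npm", "name": "deep-util"},
            "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "1.0.0"}]}],
        }],
    },
    {
        "id": "EXAMPLE-OSV-0002",
        "summary": "constructed advisory: http-parser 1.0.0 up to (not including) 1.4.0",
        "affected": [{
            "package": {"ecosystem": "npm", "name": "http-parser"},
            "ranges": [{"type": "SEMVER", "events": [{"introduced": "1.0.0"}, {"fixed": "1.4.0"}]}],
        }],
    },
]


def parse_version(version):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple; pre-release/build tags are dropped."""
    core = version.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def installed_packages(lock_json):
    """Return (name, version, depth) for every installed package, including transitive ones."""
    lock = json.loads(lock_json)
    found = []
    for path, meta in lock["packages"].items():
        if path == "" or "version" not in meta:
            continue  # "" is the root project itself
        segments = [s.rstrip("/") for s in path.split("node_modules/")[1:]]
        found.append((segments[-1], meta["version"], len(segments)))
    return found


def version_in_range(version, events):
    """Evaluate an OSV SEMVER event list: ordered 'introduced' / 'fixed' / 'last_affected' markers."""
    v = parse_version(version)
    affected = False
    for event in events:
        if "introduced" in event and v >= parse_version(event["introduced"]):
            affected = True
        elif "fixed" in event and v >= parse_version(event["fixed"]):
            affected = False
        elif "last_affected" in event and v > parse_version(event["last_affected"]):
            affected = False
    return affected


def osv_query_payload(name, version, ecosystem="npm"):
    """Request body for POST https://api.osv.dev/v1/query (built only, never sent here)."""
    return {"version": version, "package": {"name": name, "ecosystem": ecosystem}}


def match_advisories(packages, advisories, ecosystem="npm"):
    """Cross-reference installed packages against advisories; keep depth so triage sees transitives."""
    findings = []
    for name, version, depth in packages:
        for adv in advisories:
            for affected in adv.get("affected", []):
                pkg = affected.get("package", {})
                if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
                    continue
                for rng in affected.get("ranges", []):
                    if rng.get("type") == "SEMVER" and version_in_range(version, rng["events"]):
                        findings.append({"id": adv["id"], "package": name, "version": version, "depth": depth})
                        break
    return findings


def scan_lockfile(lock_json, advisories):
    """Full pipeline: parse lockfile, then match every installed package."""
    return match_advisories(installed_packages(lock_json), advisories)


if __name__ == "__main__":
    for finding in scan_lockfile(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES):
        print(f"{finding['id']}: {finding['package']}@{finding['version']} (depth {finding['depth']})")
```

Run as-is, the only finding is the constructed `deep-util@0.9.1` at depth 3, exactly the "three layers deep" case; `http-parser@1.4.2` is not flagged because the `fixed` event closes the range. Depth is carried on each finding deliberately: a fix for a direct dependency is an edit to `package.json`, but a fix for a depth-3 package usually means an override or waiting on the intermediate maintainer, so the remediation path differs.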


Replies

Wahid Khan (Maker)
built this after catching a vulnerable transitive dependency in production that nobody knew existed. not the package we installed. something three layers deep. went looking for a tool that just watched silently and screamed when something was wrong. didn't find one. so here we are. happy to answer anything about how the agent or the dashboard works.