Launched this week

trawld

Launched this week

catch vulnerable dependencies before they catch you

5 followers

catch vulnerable dependencies before they catch you

5 followers

Visit website

most dependency scanners run in CI. trawld runs on the machine. install the agent once globally and it watches every project you have, npm and pip, cross-references against the OSV database, and streams findings to a live dashboard across all your machines. no config, no pipeline setup. it also queues remediation commands through the agent's heartbeat loop so fixes reach machines without needing persistent server connections. built for developers who vibe-code fast and forget to audit.

Free

Launch tags:Open Source•Developer Tools•GitHub

Launch Team

FramerLaunch websites with enterprise needs at startup speeds.

Promoted

Maker

📌

built this after catching a vulnerable transitive dependency in production that nobody knew existed. not the package we installed. something three layers deep. went looking for a tool that just watched silently and screamed when something was wrong. didn't find one. so here we are. happy to answer anything about how the agent or the dashboard works.

Report

7d ago

Forum Threads

p/trawld

•

6d ago

hey, i'm Wahid, i built trawld.

the short version: i was doing a routine security review at work, caught an anomaly that traced back to a transitive dependency nobody had audited. not the package we installed. something three layers deep. went looking for a tool that just watched silently and flagged it. didn't find one. built trawld instead.

it's fully open source. one install, watches every project on your machine, no config needed.

View all