SafeDep Logo
GitHub App Launched Install Now

Protect Your Code
Stop Malicious Packages

AI powered Human verified malicious package
protection working 24x7 for your developers

Your stack is full of moving parts.
We scan them all.

Docker NPM PyPI RubyGems Go

Real-Time Threat Feed

SafeDep continuously scans open source packages for malicious code. Here's a look at our analysis pipeline.

npm

v-plausible

Version: 1.2.1

Malicious
npm

victoria-wallet-utils

Version: 0.1.1

Malicious
rubygems

rails

Version: 7.0.4

Clean
npm

vue

Version: 3.2.39

Clean
npm

use-unsaved-changes

Version: 1.0.9

Malicious
npm

zuper-cli

Version: 1.0.1

Malicious
npm

wenk

Version: 1.0.10

Malicious
rubygems

devise

Version: 4.8.1

Clean
npm

upload-to-play-store

Version: 1.0.1

Malicious
npm

valuedex-sdk

Version: 3.0.5

Malicious
npm

victoria-wallet-type

Version: 0.1.1

Malicious
npm

vf-oss-template

Version: 1.0.2

Malicious
npm

wallet-evm

Version: 0.3.1

Malicious
npm

uplandui

Version: 0.5.4

Malicious
npm

vf-oss-template

Version: 1.0.3

Malicious
npm

zuper-sdk

Version: 1.0.57

Malicious
npm

url-encode-decode

Version: 1.0.1

Malicious
npm

victoria-wallet-core

Version: 0.1.1

Malicious
npm

wenk

Version: 1.0.9

Malicious
npm

victoria-wallet-utils

Version: 0.1.2

Malicious
npm

wellness-expert-ng-gallery

Version: 5.1.1

Malicious
cargo

tokio

Version: 1.21.2

Clean
npm

vf-oss-template

Version: 1.0.1

Malicious
npm

victoria-wallet-constants

Version: 0.1.1

Malicious
pypi

requests

Version: 2.28.1

Clean
pypi

fastapi

Version: 0.85.0

Clean
npm

wallet-evm

Version: 0.3.2

Malicious
npm

web-scraper-mcp

Version: 1.1.4

Malicious
npm

upload-to-play-store

Version: 1.0.2

Malicious
npm

express

Version: 4.18.1

Clean
npm

victoria-wallet-type

Version: 0.1.2

Malicious
cargo

async-std

Version: 1.12.0

Clean
npm

valid-south-african-id

Version: 1.0.3

Malicious
npm

zuper-stream

Version: 2.0.9

Malicious
npm

url-encode-decode

Version: 1.0.2

Malicious
npm

react-dom

Version: 18.2.0

Clean
npm

vue-browserupdate-nuxt

Version: 1.0.5

Malicious
npm

vf-oss-template

Version: 1.0.4

Malicious
npm

victoria-wallet-validator

Version: 0.1.1

Malicious
npm

@quick-start-soft/quick-remove-image-background

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-git-clean-markdown

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-document-translator

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-markdown-image

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-task-refine

Version: 1.4.2511142126

Malicious
npm

@asyncapi/modelina

Version: 5.10.2

Malicious
npm

posthog-node

Version: 4.18.1

Malicious
npm

@postman/node-keytar

Version: 7.9.2

Suspicious
npm

@postman/tunnel-agent

Version: 0.6.5

Malicious
npm

@postman/wdio-allure-reporter

Version: 0.0.7

Malicious
npm

@postman/wdio-allure-reporter

Version: 0.0.8

Malicious
npm

@postman/postman-mcp-cli

Version: 1.0.3

Malicious
npm

@postman/postman-mcp-cli

Version: 1.0.4

Malicious
npm

@postman/wdio-junit-reporter

Version: 0.0.4

Malicious
npm

@postman/wdio-junit-reporter

Version: 0.0.5

Malicious
npm

@postman/pm-bin-macos-arm64

Version: 1.24.4

Malicious
npm

@postman/pm-bin-macos-arm64

Version: 1.24.5

Malicious
npm

@postman/pm-bin-linux-x64

Version: 1.24.4

Malicious
npm

@postman/pm-bin-linux-x64

Version: 1.24.5

Malicious
npm

@postman/aether-icons

Version: 2.23.3

Malicious
npm

@postman/aether-icons

Version: 2.23.4

Malicious
npm

v-plausible

Version: 1.2.1

Malicious
npm

victoria-wallet-utils

Version: 0.1.1

Malicious
rubygems

rails

Version: 7.0.4

Clean
npm

vue

Version: 3.2.39

Clean
npm

use-unsaved-changes

Version: 1.0.9

Malicious
npm

zuper-cli

Version: 1.0.1

Malicious
npm

wenk

Version: 1.0.10

Malicious
rubygems

devise

Version: 4.8.1

Clean
npm

upload-to-play-store

Version: 1.0.1

Malicious
npm

valuedex-sdk

Version: 3.0.5

Malicious
npm

victoria-wallet-type

Version: 0.1.1

Malicious
npm

vf-oss-template

Version: 1.0.2

Malicious
npm

wallet-evm

Version: 0.3.1

Malicious
npm

uplandui

Version: 0.5.4

Malicious
npm

vf-oss-template

Version: 1.0.3

Malicious
npm

zuper-sdk

Version: 1.0.57

Malicious
npm

url-encode-decode

Version: 1.0.1

Malicious
npm

victoria-wallet-core

Version: 0.1.1

Malicious
npm

wenk

Version: 1.0.9

Malicious
npm

victoria-wallet-utils

Version: 0.1.2

Malicious
npm

wellness-expert-ng-gallery

Version: 5.1.1

Malicious
cargo

tokio

Version: 1.21.2

Clean
npm

vf-oss-template

Version: 1.0.1

Malicious
npm

victoria-wallet-constants

Version: 0.1.1

Malicious
pypi

requests

Version: 2.28.1

Clean
pypi

fastapi

Version: 0.85.0

Clean
npm

wallet-evm

Version: 0.3.2

Malicious
npm

web-scraper-mcp

Version: 1.1.4

Malicious
npm

upload-to-play-store

Version: 1.0.2

Malicious
npm

express

Version: 4.18.1

Clean
npm

victoria-wallet-type

Version: 0.1.2

Malicious
cargo

async-std

Version: 1.12.0

Clean
npm

valid-south-african-id

Version: 1.0.3

Malicious
npm

zuper-stream

Version: 2.0.9

Malicious
npm

url-encode-decode

Version: 1.0.2

Malicious
npm

react-dom

Version: 18.2.0

Clean
npm

vue-browserupdate-nuxt

Version: 1.0.5

Malicious
npm

vf-oss-template

Version: 1.0.4

Malicious
npm

victoria-wallet-validator

Version: 0.1.1

Malicious
npm

@quick-start-soft/quick-remove-image-background

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-git-clean-markdown

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-document-translator

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-markdown-image

Version: 1.4.2511142126

Malicious
npm

@quick-start-soft/quick-task-refine

Version: 1.4.2511142126

Malicious
npm

@asyncapi/modelina

Version: 5.10.2

Malicious
npm

posthog-node

Version: 4.18.1

Malicious
npm

@postman/node-keytar

Version: 7.9.2

Suspicious
npm

@postman/tunnel-agent

Version: 0.6.5

Malicious
npm

@postman/wdio-allure-reporter

Version: 0.0.7

Malicious
npm

@postman/wdio-allure-reporter

Version: 0.0.8

Malicious
npm

@postman/postman-mcp-cli

Version: 1.0.3

Malicious
npm

@postman/postman-mcp-cli

Version: 1.0.4

Malicious
npm

@postman/wdio-junit-reporter

Version: 0.0.4

Malicious
npm

@postman/wdio-junit-reporter

Version: 0.0.5

Malicious
npm

@postman/pm-bin-macos-arm64

Version: 1.24.4

Malicious
npm

@postman/pm-bin-macos-arm64

Version: 1.24.5

Malicious
npm

@postman/pm-bin-linux-x64

Version: 1.24.4

Malicious
npm

@postman/pm-bin-linux-x64

Version: 1.24.5

Malicious
npm

@postman/aether-icons

Version: 2.23.3

Malicious
npm

@postman/aether-icons

Version: 2.23.4

Malicious

Built for the New Reality of Open Source

SafeDep protects developers from malicious code hidden in open source packages installed every day, guarding the entry point, not just the code inside.

External code protection illustration

Guard External Code Continuously

SafeDep addresses the real starting point of risk — third-party open source packages — by stopping malicious code before it ever reaches your repository.

Invisible in Developer Workflow

Invisible in Developer Workflow

SafeDep runs inside your terminal and CI/CD pipeline. No extra dashboards. No context switching. Security that operates silently in the background.

Trust Through Transparency

Trust Through Transparency

SafeDep is open source by default, with no vendor lock-in. Developers see exactly what we scan and the reasons behind every blocked package.

Package monitoring animation
Real-Time Detection

SafeDep Watches

Every OSS Release

Every new package from npm, PyPI, RubyGems, and more is instantly scanned by SafeDep's AI-powered static code analysis engine to detect malicious intent before it spreads. The results are correlated with dynamic analysis in a sandbox and AI agents to ensure accuracy and context.

Package monitoring illustration
Imagine

Scanning Dependencies

As You Code

We scan every dependency inside your pull requests and builds as they run. We block compromised packages before merge, keeping your codebase safe from hidden attacks

Security reports illustration
stay protected

Generate Reports

You can Trust

SafeDep instantly stops malicious packages from entering your workflow, keeping your codebase safe long before public advisories are issued.

Security dashboard illustration
Security Management

Govern and

Track Your OSS Security

Monitor every detected risk, enforce organization-wide policies, and generate audit-ready reports to prove your OSS supply chain is secure.

Your Security Command Center for Open Source.

Real-time visibility, policy control, and actionable intelligence, all in one view.

Security dashboard interfaceThreat detection interfacePolicy management interface

Your Open Source Security Toolkit

Delivers guardrails, visibility, and automation to block malware.

AI-powered package analysis

AI and Security Experts Powered Triage

Let SafeDep's AI analyse suspicious packages and prioritise what matters.

Compliance reporting interface

Compliance & Audit Reports

Generate SBOMs, license reports, and audit logs on demand.

Multi-ecosystem support

Full Ecosystem Coverage

Works with npm, PyPI, RubyGems, Go, and more, all from one platform.

Package integration illustration

Works with Your Stack

Using GitHub Actions, GitLab, or Jenkins? You're covered. We fit right into your pipeline. No extra setup, no new tabs.

GitHub Install GitHub App
GitHub
GitLab
PostgreSQL
Docker
Go
NPM
PyPI
RubyGems
2M+
Packages Scanned
100K+
Components Analysed
1000+
Projects Secured
80%
Threats Blocked
Open Source Banner

Developed for Security
Designed as Open Source

Scan Every PR

SafeDep VET

You open a pull request.
VET scans the diff. If there's malware, we block the merge, right in your CI.

GitHub Install Now
go install github.com/safedep/vet/cmd/vet@latest
Copy
SafeDep VET CLI interface
Start with Open Source

SafeDep PMG

You run NPM Install
PMG checks the package. If it's malware, we block it, right there in your terminal.

GitHub Install Now
go install github.com/safedep/pmg@latest
Copy
SafeDep PMG CLI interface
Background
SafeDep Logo

Ship Code

Not Malware

Install the SafeDep GitHub App to keep malicious packages out of your repos.

GitHub Install GitHub App