This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
Product upvotes vs the next 3
Waiting for data. Loading
Product comments vs the next 3
Waiting for data. Loading
Product upvote speed vs the next 3
Waiting for data. Loading
Product upvotes and comments
Waiting for data. Loading
Product vs the next 3
Loading
DepsGuard
Configure once, prevent the next compromised package install
Prevent the next npm supply chain compromise like the GitHub, axios, @tanstack attacks from impacting you. One command to scan and fix npm, pnpm, yarn, bun, and uv configs using security best practices. Free and open source (MIT), 100% Rust, zero dependencies, brought to you by the AppSec experts at Arnica.
Hey PH 👋
I'm Eran, co-founder/CTO at Arnica.
Whether you are a professional developer or a "vibe coder" you probably got news from social media or a friend about compromised packages, probably you heard about the recent tanstack issue, or axios, and if not, that's ok, I'll explain why it's important.
If you are a professional developer and knows what is npm, what is a supply chain attack, and what are cooldowns, and just want to have best practice configuration on your laptop just go to https://depsguard.com, install, click next, and you'll be protected.
If you are a vibe coder and don't care about all the explanation and just want to protect yourself, do the same as above :)
For vibe coders:
When Cursor or Claude Code runs npm install, it's downloading code from strangers onto your laptop and running it. A typical project pulls in around 1,500 of these packages. That code can read your API keys, AWS credentials, and crypto wallets.
Lately, attackers have been hijacking popular package maintainers' accounts and publishing malicious versions. Those versions get removed within hours, but those hours are enough to hit thousands of laptops. DepsGuard tells your package manager to ignore anything less than 7 days old, so the bad versions are removed before you'd ever touch them.
For professional developers:
You know the drill. axios, @tanstack, Bitwarden CLI, Shai-Hulud, same shape every time: account compromise, malicious version, 3-hour window, removal, repeat next month.
Every modern package manager (npm, pnpm, yarn, bun, uv) now ships with a release-age delay. pnpm latest defaults to 1 day. Most teams don't have any of these on because they shipped quietly in the last year. DepsGuard checks your user-level configs and your repos, shows what's missing across all five managers plus Renovate and Dependabot, previews the diff, applies it, keeps a backup.
This was created as a service to the community, free forever, MIT license (this means you can use it for free, modify it, even sell it if you want)
Got to https://depsguard.com to protect yourself now!
About DepsGuard on Product Hunt
“Configure once, prevent the next compromised package install”
DepsGuard was submitted on Product Hunt and earned 10 upvotes and 1 comments, placing #45 on the daily leaderboard. Prevent the next npm supply chain compromise like the GitHub, axios, @tanstack attacks from impacting you. One command to scan and fix npm, pnpm, yarn, bun, and uv configs using security best practices. Free and open source (MIT), 100% Rust, zero dependencies, brought to you by the AppSec experts at Arnica.
On the analytics side, DepsGuard competes within Open Source, Developer Tools, GitHub and Security — topics that collectively have 626.5k followers on Product Hunt. The dashboard above tracks how DepsGuard performed against the three products that launched closest to it on the same day.
Who hunted DepsGuard?
DepsGuard was hunted by Anna Daugherty. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
For a complete overview of DepsGuard including community comment highlights and product details, visit the product overview.
Anna Daugherty