Hey! I just released Warden v2.0, a CLI tool that scans your Node.js dependencies for malicious packages,
typosquatting, and supply-chain attacks.
I got tired of not knowing if my dependencies were safe. npm audit shows CVEs, but what about packages hiding malware
with obfuscated code or stealing your AWS credentials? So I built this.
What it does:
- Scans node_modules for dangerous patterns (obfuscation, credential theft, system execution, etc.)
- Runs npm/pnpm/yarn audits with readable output
- Monitors your network in real-time to see what your node processes are doing
- Checks for license compliance
- Enforces security policies across your team
All 100% local - no data leaves your machine.
Try it:
npm install -g warden-cli
warden scan .
warden monitor
warden doctor
Feedback and contributions welcome!

