Secure Package Integrity Verifier
8.0
A software tool that automatically scans npm packages and other software dependencies for known vulnerabilities and malicious code, particularly focusing on pre-install hooks detected post-publication like the jscrambler incident, providing real-time alerts and remediation suggestions. It integrates with CI/CD pipelines.
180h
mvp estimate
8.0
viability grade
3
views
technology stack
Python
PostgreSQL
Medium
inspired by
jscrambler npm package compromised with malicious infostealer