← back to ideas

Secure Package Integrity Verifier

8.0
security profitable added: Saturday July 2026 21:50

A software tool that automatically scans npm packages and other software dependencies for known vulnerabilities and malicious code, particularly focusing on pre-install hooks detected post-publication like the jscrambler incident, providing real-time alerts and remediation suggestions. It integrates with CI/CD pipelines.

180h
mvp estimate
8.0
viability grade
3
views

technology stack

Python PostgreSQL Medium

inspired by

jscrambler npm package compromised with malicious infostealer