Local-first CLI that blocks risky npm, pnpm, and bun installs before they run. Open source.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Local-first CLI that blocks risky npm, pnpm, and bun installs before they run. Open source.