Dependency Guard — AI Package Safety Check avatar

Dependency Guard — AI Package Safety Check

Pricing

from $30.00 / 1,000 results

Go to Apify Store
Dependency Guard — AI Package Safety Check

Dependency Guard — AI Package Safety Check

Catch the fake, malicious and typosquatted packages your AI told you to install — before they ship.

Pricing

from $30.00 / 1,000 results

Rating

0.0

(0)

Developer

Laurent Ferrenti

Laurent Ferrenti

Maintained by Community

Actor stats

0

Bookmarked

1

Total users

0

Monthly active users

13 days ago

Last modified

Share

Dependency Guard 🛡️

Catch the fake and malicious packages your AI told you to install.

AI assistants hallucinate package names that don't exist — and attackers register those names with malware ("slopsquatting"). Dependency Guard checks every dependency in your project against real package registries, known-malware advisories, and a maintained list of AI-hallucinated names, then tells you in plain English what's safe and what to delete.

Who is this for?

  • Vibe coders & non-technical builders — you didn't write it, we'll vet it
  • AI coding agents (via MCP) — verify a package BEFORE you install it
  • Bootcamps & learners — a safety net against copy-paste malware
  • Small teams & freelancers — real checks, no enterprise price

What you get (per package)

Name, whether it actually exists, a 0-100 Risk Score, the reason (hallucinated / malicious / typosquat / suspicious), the closest legit package you probably meant, and a plain-English recommendation.

It knows the difference that matters

A pure-malware package (lodash-utils, 2 downloads/week) is flagged DANGER. A mainstream package where only one version was ever compromised (axios, 110M downloads/week) gets a calm "make sure you're not on the affected version" — not a false alarm. That distinction is the whole product.

Example

Paste your package.json → 7 packages checked → lodash-utils and unused-imports are malware, expres is a typo of express, the rest are fine. Fix them before you ship. Verdict: DANGER.

Why this matters in 2026

AI writes ~41% of all code, and slopsquatting is a real, growing supply-chain attack: huggingface-cli (an AI hallucination) got 30,000 downloads; react-codeshift spread through 237 repos. One bad install = one breach.

Inputs

Paste a package.json, requirements.txt or pyproject.toml, give a list of package names, or point it at a public GitHub repo. npm and PyPI supported.

MCP-ready

Use it from Claude, Cursor or any MCP client: "Before you install anything, check it with Dependency Guard."

Pricing

Pay per scan. A typical project costs a few cents. No subscription.


Need something custom?

Need a custom scraper, MCP server or AI agent? We build them. → [SLING Studio — get a quote]