PMG dependency cooldown: wait on fresh npm versions
Package Manager Guard (PMG) blocks malicious installs and now supports dependency cooldown, a configurable window that hides brand-new npm versions during resolution so installs prefer older,...
announcements
Contributing to SafeDep Open Source Projects during Hacktoberfest 2025
Learn how to contribute to SafeDep open source projects during Hacktoberfest 2025 and help secure the open source software supply chain.
Introducing SafeDep Model Context Protocol (MCP) Server to Secure AI Generated Code
Introducing SafeDep Model Context Protocol (MCP) Server, a new feature in SafeDep vet to secure AI generated code and protect against slopsquatting attacks, vulnerable and malicious packages.
Why We Built a Hosted MCP Server to Stop Malicious Packages for AI Agents
Exposing an MCP server is trivial. Making it useful for AI agents is not. Here's what we learned dogfooding our own tool, and why we built a hosted MCP server backed by real-time open source threat...
Ship Code. Not Malware. SafeDep Launches GitHub App for Malicious Package Protection
SafeDep launches a GitHub App for zero-configuration protection against malicious open source packages. Instantly scan pull requests and keep your code repositories safe from supply chain attacks.
Introducing Container Image Scanning
Introducing Container Image Scanning, a new feature in vet to identify vulnerabilities and malicious packages in container images.
