@safedep

SafeDep

Safe & Trusted Open Source Components

Protect Your Code. Stop Malicious Packages.

We scan the code you didn’t write — before it reaches your codebase.

SafeDep protects you from malicious code hidden in the open source packages you install every day. Secure your supply chain with PMG & VET.


💡 Why SafeDep?

  • Real-time Detection: Detect malicious packages instantly before they enter your dependency tree.
  • CI/CD Native: Protect your builds and pipelines automatically with our open-source tooling.
  • Risk Reduction: Drastically reduce risks from compromised dependencies and typosquatting.
  • Community Trusted: Open source tooling, trusted by developers and security engineers worldwide.

🤝 Join the Mission

We are securing the ecosystem one package at a time.

Star our Repos | Report Issues | Discussions

Pinned

  1. vet Public

    Protect against malicious open source packages 🤖

    Go 942 87

  2. vet-action Public

    GitHub Action for policy driven vetting of open source dependencies

    TypeScript 11 2

  3. pmg Public

    PMG protects developers from getting hacked by malicious open source packages. Stop the next Shai-Hulud or S1ngularity before it happens.

    Go 95 11

  4. xbom Public

    Generate xBOMs enriched with AI, SaaS, Crypto and more using Static Code Analysis

    Go 26 3

Repositories

Showing 10 of 35 repositories
  • vet Public

    Protect against malicious open source packages 🤖

    Go 942 Apache-2.0 87 80 (1 issue needs help) 16 Updated Feb 6, 2026
  • pmg Public

    PMG protects developers from getting hacked by malicious open source packages. Stop the next Shai-Hulud or S1ngularity before it happens.

    Go 95 Apache-2.0 11 17 (4 issues need help) 1 Updated Feb 6, 2026
  • gryph Public

    The AI coding agent audit trail tool

    Go 32 Apache-2.0 2 3 1 Updated Feb 6, 2026
  • pypi-test-package Public

    Test package for various pypi registry access requirements

    Python 0 0 0 0 Updated Feb 5, 2026
  • vet-action Public

    GitHub Action for policy driven vetting of open source dependencies

    TypeScript 11 Apache-2.0 2 8 6 Updated Feb 5, 2026
  • homebrew-tap Public
    Ruby 0 0 0 0 Updated Feb 4, 2026
  • docs Public
    MDX 0 0 2 0 Updated Feb 4, 2026
  • vet-bitbucket-pipe Public

    Bitbucket Pipe for vet

    Shell 1 Apache-2.0 0 0 0 Updated Jan 31, 2026
  • dry Public

    Do not repeat yourself. Re-usable utils for Go apps

    Go 4 Apache-2.0 0 3 1 Updated Jan 31, 2026
  • .github Public
    0 1 0 1 Updated Jan 28, 2026
