Dependency Intelligence
Scores your dependencies on trust, security, and quality — catching supply chain threats that vulnerability scanners miss.
Every package gets a 0–100 score based on age, downloads, security practices, and metadata quality.
Catches typosquatting, namespace squatting, homoglyph attacks, and known malware before they hit production.
Optionally download and analyze source code for obfuscated payloads, suspicious network calls, and hidden scripts.
Parse CycloneDX SBOMs, requirements.txt, package.json, go.mod, Cargo.toml, pom.xml, and more.
Integrates security best practice data from the OpenSSF Scorecard project for deeper risk assessment.
Check any single package before you install it. One command, instant trust report.
GardWatch meets you where you code — in your editor and alongside your AI assistant.
Inline scores right next to each dependency in your lockfile. Critical packages are highlighted so you can spot risks at a glance.
AI assistants auto-check packages before installing and scan lockfiles after every dependency change. Zero manual effort.
One-click setup for all major AI coding assistants. Uses the standard Model Context Protocol (MCP), so there are no plugins or agents to configure.
Analyze packages across all major ecosystems.