DepsGuard is a command-line utility that hardens package manager configuration files against supply chain attacks.
It checks whether protective settings are enabled for npm, pnpm, Yarn, Bun, aube, uv, pip, and Poetry, and can also inspect Renovate and Dependabot configurations. The tool focuses on enabling existing safeguards such as release cooldowns and install-script blocking, while giving users control over every change before anything is written.
This is free and open source software.
Key Features
- Scans package manager configuration files for recommended supply chain security settings.
- Supports npm, pnpm, Yarn, Bun, aube, uv, pip, and Poetry.
- Checks Renovate and Dependabot configuration files for suitable cooldown periods.
- Offers an interactive terminal interface with selectable fixes and diff previews.
- Creates backups before modifying files and includes a restore command for rollback.
Website: github.com/arnica/depsguard
Support:
Developer: Arnica
License: MIT License

DepsGuard is written in Rust.