pkgxray

Analyze packages before you install them.

Zero-dependency · runs locally · never executes untrusted code

Try the scan

npm is where the malware is.

Agents install packages and connect to MCP servers at machine speed. The registry they pull from is under industrial-scale attack.

CVE scanners find known bugs. pkgxray asks what the code does — before a single line runs on your machine.

Figures from Sonatype’s 2026 State of the Software Supply Chain and OSS Malware Index; MCP posture from Anthropic’s Dec 2025 update and public registry audits.

Calibration · scanned 2026-07-19

So how often does it call it right?

We ran the scanner over 1,301 published packages — code only, no execution — read every block by hand, and measured recall against a known-malware corpus.

1,301
packages scanned
published npm + MCP, one static pass
0.1%
false blocks, top 1,000
1 of the 1,000 most-downloaded
90.0%
known-malware catch rate
18 of 20 blocked · 0 passed as safe

Watch a verdict form

Pick a package. This demo replays real fixtures — it does not download or execute anything in your browser.

pkgxray guard

            
Real terminal recording — express clears, then a corpus trojan is blocked with cited evidence.

Three verdicts. Stable exit codes.

Click a verdict to see what it means for install, CI, and agents.

No high- or medium-risk indicators. Default policy promotes out of quarantine. Install.

One engine. Every surface.

CLI, MCP, install hook, and CI all share the same policy and the same evidence rules.

  1. guard Quarantine a package, audit bytes, promote only if allowed
  2. mcp Vet a server before connect — most public MCP servers ship with static keys and little verification
  3. hookshot Intercept agent npm install with cited deny
  4. recheck Catch trojaned updates against a stored baseline

Install

Lowest friction first contact — no global install required.

MIT · Node ≥ 18 · Source · Docs