Developer Security Tools
Your dependencies are a supply chain attack waiting to happen.
Free tools for developers who take security seriously. Powered by real-time threat data across 12 ecosystems.
vekt scan
$ vekt scan .
Scanning 3 lockfiles in ./projects ...
SCAN COMPLETE: 3 lockfiles | 847 packages | 2 findings
CRITICAL: 1 MALICIOUS package(s) detected!
WARNING: 1 known vulnerability(ies)
--> package-lock.json
MALICIOUS MAL-2024-8821 evil-logger@3.2.1
Exfiltrates env vars via DNS on install
VULN GHSA-xxxx-yyyy lodash@4.17.15
Prototype pollution in defaultsDeep
845 packages clean. Run time: 1.2s
- 69k+ packages scanned
- 12 ecosystems
- 22 lockfile formats
- <2s average scan time
Flagship Product
Vekt.
Supply chain threat intelligence for package lockfiles. Catch malicious packages, known vulnerabilities, and typosquats before they reach production.
Detection
- Malicious packages (MAL-* advisories)
- CVE / GHSA vulnerability scanning
- Typosquat detection
Coverage
- 12 package ecosystems
- 22 lockfile formats
- CLI, IDE, browser extension
vekt check package-lock.json
$ vekt check package-lock.json --json
Querying OSV for 847 packages ...
SCAN COMPLETE: 1 lockfile | 847 packages | 3 findings
CRITICAL: 1 MALICIOUS package(s) detected!
INFO: 1 security-holder placeholder(s)
WARNING: 1 known vulnerability(ies)
MALICIOUS MAL-2025-21003 evil-pkg@1.0.0
HOLDER MAL-2025-21003 fs@0.0.1-security
VULN GHSA-xxxx-yyyy lodash@4.17.15
Developer Tools.
Free AI-powered and real-service tools. No signup required.
- CVE Explainer (Security): Plain-English vulnerability breakdowns
- DNS Lookup (Security): Query DNS records for any domain
- Regex Builder (Developer): Natural language to regular expressions
- Cron Generator (Developer): Natural language to cron expressions
- Code Reviewer (Developer): AI code review for security and quality
- Security Headers (Security): Check HTTP security headers
Protect your pipeline.
50 free scans per day. Real-time threat data. Unlimited with Pro.