Pricing
Plans
| | Free | Pro | Team | Enterprise |
|---|---|---|---|---|
| Price | $0 | $9/mo | $29/mo | Custom |
| Scans per period | 50/day | 5,000/mo | 25,000/mo | Unlimited |
| All 12 ecosystems | Yes | Yes | Yes | Yes |
| CLI access | Yes | Yes | Yes | Yes |
| API access | Yes | Yes | Yes | Yes |
| JSON output | Yes | Yes | Yes | Yes |
| Webhook alerts | No | Yes | Yes | Yes |
| README badge | No | No | Yes | Yes |
| Team dashboard | No | No | Yes | Yes |
| Priority API | No | No | Yes | Yes |
| On-prem binary | No | No | No | Yes |
| SSO | No | No | No | Yes |
| SLA | No | No | No | Yes |
| Support | Community | Priority email | Priority email | Dedicated |
Overage rate: $0.005 per scan beyond your tier limit.
Get started
Sign up at kief.dev/vekt. The Free tier requires an API key but no payment method.
FAQ
What counts as a scan?
One scan is one package-version-ecosystem triple checked against the threat intel database. When you run vekt scan . on a project with 200 unique packages, that counts as 200 scans. Packages that appear in multiple lockfiles within the same scan run are deduplicated -- if lodash@4.17.15 appears in both package-lock.json and yarn.lock, it counts as one scan.
Do I need an API key?
Yes. An API key is required for all scans (CLI and API). The Free tier key is free to obtain at kief.dev/vekt/signup -- no credit card required. Set it via environment variable (VEKT_API_KEY) or pass it as a Bearer token in API requests.
Is there a free trial for paid plans?
Enterprise plans can be evaluated under a time-limited pilot agreement -- contact sales@kief.studio to arrange one. Pro and Team plans can be cancelled anytime with no commitment.
How are overages billed?
Overages are billed monthly at $0.005 per scan beyond your plan limit. You can set a monthly overage cap in your account settings to prevent unexpected charges. Once the cap is reached, the API returns 429 responses until the billing period resets.
Can I switch plans mid-cycle?
Yes. Upgrades take effect immediately and are prorated. Downgrades take effect at the start of the next billing cycle.
What is an on-prem binary?
Enterprise customers can run the threat intel engine on their own infrastructure. The binary operates without outbound network access to Kief infrastructure -- it queries threat databases directly. This is suitable for air-gapped or high-compliance environments. Contact sales for details.