Software that helps prevent, detect, or recover from the incidents tracked in this repo. Cross-referenced with the prevention and playbooks sections.
Pre-install / install-time
| Tool |
What it does |
Cost |
License |
| Socket |
Reputation scoring + behavioral indicators (supply-chain risk list). Browser extension + GitHub App. Caught most 2025–2026 npm worms within hours. |
Free tier; paid for orgs. |
Commercial |
npq |
Wraps npm install, prompts before installing low-reputation packages. Maintained by Liran Tal (Node.js Security WG). |
Free |
Apache-2.0 |
| Snyk Open Source |
Dep + code vuln scanning, IDE plugin, CI integration, auto-fix PRs. |
Free tier; paid for orgs. |
Commercial |
| StepSecurity Harden-Runner |
Locks down GitHub Actions runners — alerts on unexpected outbound. Caught several supply-chain attacks live. |
Free for OSS / paid tier. |
Apache-2.0 |
| npm cooldown |
Built-in: npm config set before "<3 days ago>". pnpm has minimum-release-age. Simplest, most underused defense. |
Free |
— |
Lockfile + repo scanning
| Tool |
What it does |
Cost |
License |
npm audit |
Built-in, reads GHSA. Quick first pass. Known limitations — don't rely on it alone. |
Free |
ISC |
osv-scanner |
Google's all-ecosystem scanner, reads osv.dev. |
Free |
Apache-2.0 |
lockfile-lint |
Validates lockfile sources, hostnames, integrity. Wire into pre-commit. |
Free |
Apache-2.0 |
| Semgrep |
Fast SAST with curated rule sets. Catches lots of vibe-coded antipatterns. |
Free tier; paid for advanced rules. |
LGPL |
| Trivy |
Container + filesystem + SBOM scanner. Strong supply-chain coverage. |
Free |
Apache-2.0 |
| GitHub Advanced Security (CodeQL) |
Deep semantic analysis if you're on a paid GitHub plan. |
Paid |
Commercial |
Vibe-coded app scanning
Credential / secret management
| Tool |
What it does |
Cost |
License |
| 1Password CLI |
op run --env-file=... injects secrets at runtime, never on disk. |
Paid |
Commercial |
| Bitwarden CLI |
OSS alternative to 1Password CLI. |
Free + paid |
GPL |
| Doppler |
Hosted secrets manager with CLI injection. |
Free tier |
Commercial |
| Infisical |
OSS secrets manager. Self-hostable. |
Free + cloud |
MIT |
| HashiCorp Vault |
Industry-standard secrets vault for orgs; dynamic secrets, leasing. |
Free + Enterprise |
MPL / BSL |
gitleaks |
Pre-commit secret scanner. Wire into Husky / lefthook. |
Free |
MIT |
trufflehog |
Repo + filesystem secret scanner. Also what Shai-Hulud 2.0 uses against you — running it on your own assets first is good defense. |
Free + paid |
AGPL |
| GitGuardian |
Server-side commit scanning + history sweep. |
Free tier |
Commercial |
| GitHub secret scanning + push protection |
Built into GitHub. Blocks commits with known token patterns. Free for public repos. |
Free / paid |
— |
MCP-specific
| Tool |
What it does |
Cost |
License |
| MCP Inspector |
Official Anthropic tool. Sandbox + introspect an MCP before connecting. |
Free |
MIT |
mcp-scan |
Static analysis for MCP servers — flags risky patterns. |
Free |
Apache-2.0 |
Agent sandboxing
| Tool |
What it does |
Cost |
License |
| devcontainers |
VS Code + Docker isolated dev envs. The default answer for AI agent sandboxing. |
Free |
MIT |
| Claude Code built-in sandbox |
Anthropic's official filesystem + network isolation. ~84% reduction in permission prompts in their internal testing. |
Free |
Commercial |
| Lima / OrbStack |
Lightweight macOS VMs for higher-isolation work. |
Free / paid |
Apache-2.0 / Commercial |
| gVisor |
Userspace kernel container runtime — stronger isolation than vanilla Docker. |
Free |
Apache-2.0 |
| Anthropic's Claude Code devcontainer |
Reference devcontainer setup. Fork it. |
Free |
MIT |
CI/CD hardening
| Tool |
What it does |
License |
| StepSecurity Harden-Runner |
Egress allowlist + tampering detection for GitHub Actions. Caught real attacks live. |
Apache-2.0 |
zizmor |
Static analysis for GitHub Actions workflows. Catches the "Pwn Request" pattern that hit TanStack. |
MIT |
| OpenSSF Scorecard |
Auto-scores your repo's security posture (signed commits, dependency pinning, branch protection, etc.). |
Apache-2.0 |
| OpenSSF Allstar |
GitHub App that enforces baseline security policies across your org. |
Apache-2.0 |
npm trusted publishing |
Built into npm CLI ≥11.5.1. OIDC publishing from CI; kill long-lived tokens. |
— |
| npm provenance |
npm publish --provenance adds SLSA-style attestation. |
— |
Standards and frameworks (reference)
For teams that want to formalize this:
What we use to maintain this repo
- Manual research across the sources in sources/.
- GHSA + Socket RSS feeds for the first signal on most new incidents.
- X lists for the fastest commentary (especially weekends).
vibe-security-update skill — tiered sweep (deep 24h / medium 3d / shallow 7d) with self-learning source-priority list. Run it via Claude Code to refresh ALERTS.md and the advisories.