vet

Next Generation Software Composition Analysis (SCA) with Malicious Package Detection, Code Context & Policy as Code (by safedep)

Vet Alternatives

Similar projects and alternatives to vet

  1. scorecard

    OpenSSF Scorecard - Security health metrics for Open Source

  3. changed-files

    24 vet VS changed-files

    GitHub Action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories.

  4. crxviewer

    24 vet VS crxviewer

    Add-on / web app to view the source code of Chrome / Firefox / Opera 15 extensions and zip files.

  5. harden-runner

    18 vet VS harden-runner

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

  6. npmgraph

    18 vet VS npmgraph

    A tool for exploring NPM modules and dependencies

  7. paths-filter

    10 vet VS paths-filter

    Conditionally run actions based on files modified by PR, feature branch or pushed commits

  8. solarsploit

    Red team tool that emulates the SolarWinds CI compromise attack vector.

  10. cnspec

    3 vet VS cnspec

    An open source, cloud-native security to protect everything from build to runtime

  11. vet-action

    2 vet VS vet-action

    GitHub Action for policy driven vetting of open source dependencies

  12. minefield

    Graphing SBOM's Fast.

  13. vetpkg.dev

    1 vet VS vetpkg.dev

    Open Source Component Security Dashboard

  14. secure-repo

    Orchestrate GitHub Actions Security

  15. PRevent

    5 vet VS PRevent

    Prevent merging of malicious code in pull requests

  16. npq

    5 vet VS npq

    🎖safely* install packages with npm or yarn by auditing them as part of your install process

  17. eas-cli

    5 vet VS eas-cli

    Fastest way to build, submit, and update iOS and Android apps

  18. maven-lockfile

    Lockfiles for Maven. Pin your dependencies. Build with integrity.

  19. malicious-code-ruleset

    Focused malicious code detection ruleset, with a high protection-to-noise ratio

  20. Selefra

    The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

  21. changed-files

    3 vet VS changed-files

    A patched clone tj-actions with the malicious commit reverted (by trmlabs)

  22. foqos

    3 vet VS foqos

    Foqos allows you to lock apps behind the tap of a NFC tag or scan of a QR code

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a better vet alternative or higher similarity.

vet reviews and mentions

Posts with mentions or reviews of vet. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2025-05-27.
  • Vet MCP: Software Composition Analysis for AI Code Editors
    1 project | news.ycombinator.com | 6 Jun 2025
  • Malicious npm Package Impersonating Popular Express Cookie Parser
    2 projects | dev.to | 27 May 2025
    Our free and open source tool vet is integrated with the SafeDep Cloud Package Scanning Service and can be used to detect malicious packages before they are installed. vet-action is a GitHub Action that can be used to establish proactive guardrails against malicious open source packages in your GitHub Actions workflows.
  • How to Effectively Vet Your Supply Chain for Optimal Performance
    2 projects | dev.to | 15 May 2025
    Explore SafeDep on GitHub - https://github.com/safedep/vet
  • Ask HN: How are you acquiring first 100 users?
    2 projects | news.ycombinator.com | 13 May 2025
    Not sure if it’s relevant because you specifically mentioned B2C.

    For a cyber security product, we took the open source route. We build our core technology in public as an open source project.

    https://github.com/safedep/vet

    The commercial SaaS is for scaling and management. Our entire funnel is based on OSS. Folks who have already found value and are looking to scale their deployment.

    This model works for us especially at our current stage where we are 100% engineering led.

  • Show HN: MCP-Shield – Detects security issues in MCP servers
    5 projects | news.ycombinator.com | 14 Apr 2025
    Maybe try out vet as well: https://github.com/safedep/vet

    vet is backed by a code analysis engine that performs malicious package (npm, pypi etc.) scanning. We recently extended it to support GitHub repository scanning as well.

    It found the malicious behaviour in mcp-servers-example/bad-mcp-server.js

  • Agentic Analysis of Open Source Package Code for Malware
    1 project | dev.to | 8 Apr 2025
    ➡️ https://github.com/safedep/vet
  • Scanning Open Source Packages for Malicious Code 🚨
    3 projects | dev.to | 26 Mar 2025
    Malicious code in open source is real and people get hacked due to it, as we have seen with the changed-files incident, the ultralytics hack and multiple such incidents. vet now supports identification of malicious OSS packages through active code analysis.
  • Show HN: Scan GitHub Actions for Malicious Code
    1 project | news.ycombinator.com | 20 Mar 2025
  • Popular GitHub Action tj-actions/changed-files is compromised
    35 projects | news.ycombinator.com | 14 Mar 2025
    I think the conventional approach of checking for vulnerabilities in 3rd party dependencies by querying CVE or some other database has set the current behaviour, i.e. if it's not vulnerable it must be safe. This implicit trust in vulnerability databases has been exploited in the wild to push malicious code to downstream users.

    I think we will see security tools shifting towards "code" as the source of truth when making safety and security decisions about 3rd party packages instead of relying only on known vulnerability databases.

    Take a look at vet, we are working on active code analysis of OSS packages (+ transitive dependencies) to look for malicious code: https://github.com/safedep/vet

  • Show HN: Vetpkg.dev – open-source Package Security Dashboard
    2 projects | news.ycombinator.com | 19 Feb 2025
    Hello HN! I want to share a new open source project I built. https://vetpkg.dev/ The goal is to provide a single view for developers and security engineers with all the information they need to make a decision about safety of an open source package.

    As the developer of https://github.com/safedep/vet, I often get feedback from users that installing and setting up vet in CI/CD with custom policies takes time. A web page using which anyone can quickly see package security metadata is a good start for engineers to quickly get new OSS packages approved internally.

    vetpkg.dev is open source, developed at https://github.com/safedep/vetpkg.dev. It is a simple frontend over APIs that we built by aggregating public and private data sources on OSS package security and code analysis.

    vetpkg.dev also aggregates data from our OSS package code analysis tool that we run on all new PyPI and npm packages to proactively detect malicious code.

    Love to hear if it helps you make a decision about adopting OSS packages quickly within your SDLC.

Stats

Basic vet repo stats
16
495
9.3
7 days ago

safedep/vet is an open source project licensed under the Apache License 2.0, which is an OSI approved license.

The primary programming language of vet is Go.

