Detection model
release diff
Detect malicious package releases before they enter your build.
Stop malicious package releases before they reach your build.
Start with 20 free audit scans/month.
Create an account, finish onboarding, and generate an API key for the CLI or GitHub Action.
Ecosystems
npm + PyPI
Free tier
20 scans/mo
Paid wedge
CI blocking
Evidence-first dependency scanning
ReleaseWarden compares package releases and leads with what changed, not a generic score.
Package lookup
Inspect npm or PyPI versions with OSV context, static evidence, and safe-version guidance when available.
Lockfile scan
Paste package-lock.json or requirements.txt and see risky dependency versions before wiring CI.
Audit now, block later
Free accounts start in audit mode. Solo unlocks CI blocking after manual upgrade while billing stays deferred.
What it catches first
Current MVP is static and advisory-backed. Sandbox verdicts stay gated until containment is approved.
New install scripts
tracked
Malware-like advisories
context
Suspicious artifacts
flagged
Safe or patched version
recommended
Package execution verdicts
gated
Launch path
Create an account, scan a manifest, generate an API key, then add the GitHub Action when ready.