Vekt - Supply Chain Security

See vulnerabilities, maintainers, and trust data on npm, PyPI, crates.io, and 6 more registries.

Vekt shows you what package registries don't -- vulnerability data, maintainer history, and trust signals -- right on the page where you're evaluating a package. WHAT IT DOES When you visit a package page on any supported registry, Vekt adds a trust bar at the bottom of the screen showing: - Traffic light indicator (green/yellow/red) for instant risk assessment - Package name, version, and ecosystem - Click "Details" to expand the full trust panel The trust panel shows: - OpenSSF Scorecard score - Vulnerability count from OSV.dev (CVEs, GHSAs, MAL-* malicious flags) - Weekly download count - Maintainer list with GitHub profile links and star counts - Dependency count - License information - Package publish date and version history - Provenance/SLSA attestation status - Warnings for abandoned packages, single maintainers, and large dependency trees SUPPORTED REGISTRIES (9) - npm (npmjs.com) - PyPI (pypi.org) - And More! PRIVACY Vekt only sends the package ecosystem, name, and version to check for vulnerabilities. It never transmits your browsing history, page content, cookies, or any other data. Works in incognito without storing state. Full privacy policy: https://kief.dev/privacy DATA SOURCES - OSV.dev (Google) for vulnerabilities and malicious package advisories - deps.dev (Google) for dependency graphs and OpenSSF Scorecard scores - Registry APIs (npm, PyPI, crates.io, RubyGems) for metadata and maintainers - GitHub API for maintainer profiles and star counts FREE TO USE The extension works without an account. Optional API key (free at kief.dev/vekt/signup) enables trust scoring and enriched data. Built by Kief Studio (kief.studio). Source and documentation at kief.dev/vekt. Category: Developer Tools Language: English Website: https://kief.dev/vekt Privacy Policy URL: https://kief.dev/privacy