Smelly

Smelly: A nose for vulnerable dependencies

Smelly is your lightweight browser companion for discovering security vulnerabilities in open source dependencies instantly, as you explore package registries. Smelly simply monitors package URLs you visit (like npm, PyPI, and NuGet), extracts the package name and version directly from the address, and checks them against the trusted OSV.dev vulnerability database. When it finds something smelly — an outdated or insecure version — it shows you the details and a recommended upgrade path, right in your browser. What Smelly Does? - Automatically detects when you visit supported package pages on supported package repositories. - Queries the OSV.dev API for known vulnerabilities in the package version. - Displays issues in a clean popup view with: - CVE / GHSA identifiers - Severity levels and summaries - Affected ranges - Safe upgrade versions - Recommends the minimal secure version to upgrade to — keeping your dependencies clean and current. Upcoming Support More ecosystems are on the way — including Maven, Go, and more. Privacy & Security - No DOM access or page scraping. - No data collection, telemetry, or tracking. - Only outbound calls are made to the OSV.dev API. - All logic runs locally in your browser. Keywords: security, osv, vulnerability, cve, dependency, npm, pypi, nuget, open source, devsecops, supply chain, package security