Smelly

5.0(

1 rating

)

Extension Developer Tools4 users

Overview

Smelly: A nose for vulnerable dependencies

Smelly is your lightweight browser companion for discovering security vulnerabilities in open source dependencies instantly, as you explore package registries. Smelly simply monitors package URLs you visit (like npm, PyPI, and NuGet), extracts the package name and version directly from the address, and checks them against the trusted OSV.dev vulnerability database. When it finds something smelly — an outdated or insecure version — it shows you the details and a recommended upgrade path, right in your browser. What Smelly Does? - Automatically detects when you visit supported package pages on supported package repositories. - Queries the OSV.dev API for known vulnerabilities in the package version. - Displays issues in a clean popup view with: - CVE / GHSA identifiers - Severity levels and summaries - Affected ranges - Safe upgrade versions - Recommends the minimal secure version to upgrade to — keeping your dependencies clean and current. Upcoming Support More ecosystems are on the way — including Maven, Go, and more. Privacy & Security - No DOM access or page scraping. - No data collection, telemetry, or tracking. - Only outbound calls are made to the OSV.dev API. - All logic runs locally in your browser. Keywords: security, osv, vulnerability, cve, dependency, npm, pypi, nuget, open source, devsecops, supply chain, package security

5 out of 5
1 rating
Learn more about results and reviews.

Details

Version
0.0.2
Updated
October 10, 2025
Flag concern
Offered by
Gurunath
Size
284KiB
Languages
English
Developer
Email
gurunath.me+chrome@gmail.com
Non-trader
This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

Manage extensions and learn how they're being used in your organization

The developer has disclosed that it will not collect or use your data.

This developer declares that your data is

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes

Support

For help with questions, suggestions, or problems, visit the developer's support site

Haven

4.8

Your Secure Browsing Companion

DNS Leak Test

4.9

Stay private: run a quick dns leak test, get an instant dns leak check, and confirm with a dns leak detector for confident browsing

Cookie Guard

4.9

Real-time detection of affiliate tracking cookies

VulnCheck Insights

5.0

Lookup CVEs, CPEs, and PURLs with VulnCheck

Clickjacking Security Scanner

5.0

Detect clickjacking vulnerabilities by analyzing headers.

Accessibility Audit

5.0

Right-click accessibility auditing powered by axe-core

CAST Highlight SCA Chrome Extension

5.0

Check health of Open Source components directly from forge websites (github, gitlab, npmjs...)

Agentic Open Node

0.0

Agentic Open — Browser node for AI network

Sekant Web Security

5.0

De-risk web browsing with embedded runtime intelligence

Neural Shield

4.8