Neutralize Supply Risks At the Source.

Stop malicious packages at the registry level, before they reach a single user. Built for registry operators and teams that run their own package infrastructure.

Scanning Ecosystems: Open VSX, VS Code, npm (soon), PyPI (soon)
Defends IDEs: VS Code, Cursor, Windsurf, VSCodium, Gitpod, Antigravity, Codespaces, Void, Theia
Argus Registry Malware Interception

Client Testimonials

See why teams trust us

Yeeth Security helped us enhance the security framework of the Open VSX Registry. Their work introduced pre-publish checks, quarantine workflows, and threat-informed detection mechanisms that significantly strengthen the platform's security while keeping the publishing process straightforward for extension publishers.
Christopher Guindon, Director, Software Development, Eclipse Foundation

Products

Purpose-built supply chain defense

Tools that stop malicious packages before they reach a single developer.

Registry Security

Argus

Registries are a high-value target. A single malicious package can reach thousands of developers before anyone notices. Argus plugs into your publish pipeline and runs every submission through a multi-stage analysis before it goes live.

YARA · AST · Network · Fuzzy Hash · AI Synthesis · Risk Score
  • Blocks malicious packages before any user can download them
  • Works with public registries and self-hosted package infrastructure
  • We work with registries to build and deploy scanning infrastructure end-to-end
  • Webhook alerts to Discord, Slack and HMAC endpoints
Featured Detection

SleepyDuck

A backdoor published under an account impersonating a well-known open source developer. The extension collected host telemetry and executed arbitrary code received from a remote C2 server. Caught pre-publish. Zero users affected.

Extension: Nomic.hardhat
Campaign: SleepyDuck
Vector: Publisher Impersonation
C2: function.undefined21[.]com
Verdict: THREAT · 96
Developer Tooling

DevGuard

Surfaces Argus risk scores directly in your editor. See threat verdicts on installed packages without leaving your IDE — no extra tooling, no context switching.

  • Inline risk scores on every installed extension
  • Real-time flags for packages Argus marks as threats
  • Free to install from Open VSX
Compatible IDEs: VS Code, Cursor, Windsurf, VSCodium, Gitpod, Antigravity, Codespaces, Void, Theia
AGPL-3.0 License
Open VSX · Extensions
Prettier (esbenp.prettier-vscode): CLEAN
ESLint (dbaeumer.vscode-eslint): CLEAN
Solidity (nomic.hardhat): THREAT · 96
GitLens (eamodio.gitlens): CLEAN
Claude Code Integration

Yeeth Claw

Supply chain security hooks for Claude Code. Intercepts npm, pip, yarn, pnpm, and cargo install commands before they execute, and checks each package for age, typosquat, and install-script risk signals.

  • Blocks suspicious installs before Claude Code runs them
  • Flags brand-new packages, typosquats, and postinstall scripts
  • Optional Argus API integration for full static analysis
Install
$ openclaw skills install yeeth-claw
Hook installed to ~/.claude/hooks/openclaw/
Claude Code · PreToolUse Hook
$ npm install chalk
Yeeth Claw: package published 3 days ago
BLOCKED: age < 7d + install script detected
Submitted to Argus for analysis

Latest Briefings

Threat intelligence from the field

Research and analysis from the Yeeth Security team.

As seen in The Hacker News: mentioned for our discovery of the ByteBinTools backdoor in the VS Code Marketplace.

Get Started

Ready to secure your development environment?

Schedule a consultation with our security experts to discuss how we can help protect your organization.
