Zyrax is building a platform to keep malicious and risky code out of the software you ship. The first piece is already here, and it is free.
Zyrax Guard vets every npm, PyPI, and crates dependency before you install it, running in milliseconds against public registry metadata.
Flags names one keystroke from popular packages, like reqeusts instead of requests.
Cross-checks public security advisories for confirmed-bad packages.
Catches packages that do not exist on the registry, including AI-suggested names that were never published.
Warns on brand-new, low-adoption packages nothing is depending on yet.
Detects tampered or mismatched lockfile entries in your pull requests.
Surfaces sudden ownership handoffs, a classic account-takeover signal.
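The lookalike-name check in the first item above can be sketched as follows. This is an added example, not Zyrax Guard's own code: the `POPULAR` list is a constructed sample, the function names are hypothetical, and an adjacent-character swap is counted as one edit because the page's own example (reqeusts) is a swap.

```python
import re
from typing import Optional

# Constructed sample of well-known names; a real check would load a registry's top packages.
POPULAR = {"requests", "numpy", "lodash", "express", "serde", "urllib3"}


def normalize(name: str) -> str:
    # PyPI-style normalization (PEP 503): case-insensitive, runs of - _ . are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by one insertion, deletion, substitution,
    or swap of two adjacent characters (and are not identical)."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0  # skip the shared prefix, then compare the remaining tails
    while i < len(a) and i < len(b) and a[i] == b[i]:
        i += 1
    ra, rb = a[i:], b[i:]
    if len(ra) == len(rb):
        if ra[1:] == rb[1:]:  # one substituted character
            return True
        # adjacent swap, e.g. "eu" typed for "ue"
        return len(ra) >= 2 and ra[0] == rb[1] and ra[1] == rb[0] and ra[2:] == rb[2:]
    longer, shorter = (ra, rb) if len(ra) > len(rb) else (rb, ra)
    return longer[1:] == shorter  # one extra or missing character


def lookalike_of(name: str) -> Optional[str]:
    """Return the popular package this name imitates, or None if it is
    itself popular or not within one edit of any popular name."""
    n = normalize(name)
    known = {normalize(p) for p in POPULAR}
    if n in known:
        return None
    for p in sorted(known):
        if within_one_edit(n, p):
            return p
    return None


if __name__ == "__main__":
    for candidate in ["reqeusts", "requests", "Lodahs", "numpi", "left-pad"]:
        print(candidate, "->", lookalike_of(candidate))
```

One-edit matching also hits legitimate packages whose names happen to sit next to a popular one, so a hit is a signal to weigh with the other checks listed here rather than a verdict on its own.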
Opt in and Zyrax Guard downloads the package and statically inspects the code it runs at install time, things like network calls, process spawning, and obfuscated eval, then blocks the dangerous combinations. No sandbox, no Docker, zero dependencies.
zyrax-guard check lodash
Any shell · macOS · Linux · Windows
uses: tiagosilva07/zyrax-guard@v0
Gate every pull request · SARIF output
claude mcp add zyrax-guard …
Claude · Cursor · Windsurf · VS Code
The free tool protects one developer. The platform protects everything you ship, across every team and repository.
Every dependency across all your repositories, watched in real time.
Set your security rules once and enforce them across every team and repo.
Full visibility, audit trails, and compliance-ready reports for security teams.
A curated feed that flags malicious packages before they reach public databases.
Join the waitlist for early access and launch updates. We will only email you about Zyrax, and you can unsubscribe at any time.
Weget Unipessoal Lda. collects the email address, and optional name, you submit, solely to notify you about Zyrax early access and its launch, on the basis of your consent. We do not sell or share your data. You can remove your data instantly at any time. See our Privacy Policy for full details.