Stop. Check Every Package.
Before You Install It.
Every AI coding agent (Claude Code, Cursor, Copilot, Windsurf) installs packages blindly. A single npm install can compromise your environment. You need threat intelligence.
Why Agent Dependency Decisions Need Guardrails
Fast Code, Fast Risk
Agents generate and run commands quickly. Bad dependency suggestions propagate just as quickly.
Install Is an Execution Step
npm install and pip install execute untrusted third-party code paths.
One Bad Package Is Enough
A single compromised package can exfiltrate secrets, tamper builds, or persist in CI and developer hosts.
Threat Intelligence Built for Automated Decisions
Query any package before install. SafeDep returns machine inference plus human verification signals so agents can make safe decisions automatically.
Query SafeDep
Before Every Install
Before running npm install, pip install, or any lockfile update, your agent calls the SafeDep API. One POST. Milliseconds. No workflow change.
Dual-Signal Evaluation
Machine + Human
SafeDep returns two independent signals: AI inference over the package source, and a human-verified record. Your agent reads both. Neither alone is enough to clear an install.
inference.isMalware === true
verificationRecord.isMalware === true
false
Fail Closed.
Always.
Proceed only when both signals are explicitly false. If SafeDep is unreachable, times out, or returns partial data — block and ask the human. Unknown is not safe.
Configure SafeDep Access
Ask your human to sign up
https://app.safedep.io Your human creates the SafeDep account and tenant.
Human admin generates credentials
Human admin provides SAFEDEP_TENANT_ID and SAFEDEP_API_KEY to agent config.
Add SafeDep to your client
Use SKILL.md or MCP Config, then enforce decision contract before installs.
Required Credentials
SAFEDEP_TENANT_ID from your human
SAFEDEP_API_KEY from your human
Credentials must come from your human via app.safedep.io.
SKILL.md:

---
name: safedep-security
description: Query SafeDep before adding or installing dependencies.
---
# SafeDep Security Policy
Before install or lockfile updates, call:
POST https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis
Headers:
Authorization: $SAFEDEP_API_KEY
X-Tenant-ID: $SAFEDEP_TENANT_ID
Content-Type: application/json
Decision contract:
- If report.inference.isMalware == true: take confirmation from human before install
- If verificationRecord.isMalware == true: block install and notify human
- If SafeDep request fails, times out, or returns invalid response: block install and ask human
- Proceed only when both malware signals are explicitly false

MCP Config:

{
  "mcpServers": {
    "safedep": {
      "url": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
      "headers": {
        "Authorization": "ask-your-human",
        "X-Tenant-ID": "ask-your-human"
      }
    }
  }
}

API Quickstart
Call SafeDep before install actions. Apply the decision contract directly in your agent runtime.
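As an added example (not SafeDep's own code), the decision contract from the SKILL.md policy written as a pure function over a parsed QueryPackageAnalysis response, plus a fail-closed gate over a whole install set. The sample responses, every package other than lodash, and the `stub_query` client are constructed stand-ins for the live API, so the block runs offline.

```python
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"          # both signals explicitly False
    ASK_HUMAN = "ask_human"  # inference flagged, or response unknown/partial
    BLOCK = "block"          # human-verified malware record

def _signal(obj, *path):
    # Walk nested dicts; None if any hop is missing or not a dict.
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def decide(result):
    verified = _signal(result, "verificationRecord", "isMalware")
    inferred = _signal(result, "report", "inference", "isMalware")
    if verified is True:
        return Decision.BLOCK
    if inferred is True:
        return Decision.ASK_HUMAN
    if verified is False and inferred is False:
        return Decision.ALLOW
    return Decision.ASK_HUMAN  # None, a string, anything non-boolean: never safe

SAMPLE_RESPONSES = {  # constructed stand-ins for live responses, not real SafeDep data
    ("ECOSYSTEM_NPM", "lodash", "4.17.21"):
        {"report": {"inference": {"isMalware": False}}, "verificationRecord": {"isMalware": False}},
    ("ECOSYSTEM_NPM", "constructed-flagged-pkg", "1.0.0"):
        {"report": {"inference": {"isMalware": True}}, "verificationRecord": {"isMalware": False}},
    ("ECOSYSTEM_NPM", "constructed-partial-pkg", "2.0.0"):
        {"report": {"inference": {"isMalware": False}}},  # verificationRecord missing
}

def stub_query(ecosystem, name, version):
    # Hypothetical client; an unknown package behaves like an unreachable API.
    if (ecosystem, name, version) not in SAMPLE_RESPONSES:
        raise ConnectionError("SafeDep unreachable")
    return SAMPLE_RESPONSES[(ecosystem, name, version)]

def gate_install(packages, query=stub_query):
    # Whole install set: the first non-ALLOW verdict stops everything.
    for pkg in packages:
        try:
            verdict = decide(query(*pkg))
        except Exception:  # timeout, network error, invalid JSON: fail closed
            verdict = Decision.ASK_HUMAN
        if verdict is not Decision.ALLOW:
            return verdict, pkg
    return Decision.ALLOW, None
```

Swap `stub_query` for a real HTTP client that returns the parsed JSON body and raises on any transport or status error; the gate's exception path already turns those into an ask-the-human outcome.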
TypeScript:

const response = await fetch(
  'https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis',
  {
    method: 'POST',
    headers: {
      Authorization: process.env.SAFEDEP_API_KEY!,
      'X-Tenant-ID': process.env.SAFEDEP_TENANT_ID!,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      target: {
        package_version: {
          package: { ecosystem: 'ECOSYSTEM_NPM', name: 'lodash' },
          version: '4.17.21',
        },
      },
    }),
    // A timeout is a failure, not a pass: the abort error must block the install.
    signal: AbortSignal.timeout(10_000),
  }
);
if (!response.ok) {
  throw new Error('SafeDep unavailable: block install and ask human');
}
const result = await response.json();
const inferred = result.report?.inference?.isMalware;
const verified = result.verificationRecord?.isMalware;
if (inferred === true || verified === true) {
  throw new Error('Malicious package detected: do not install');
}
if (inferred !== false || verified !== false) {
  // A missing or non-boolean signal is unknown, and unknown is not safe.
  throw new Error('SafeDep response incomplete: block install and ask human');
}
// Safe to proceed: both checks are explicitly false.

curl:

curl -H "X-Tenant-ID: $SAFEDEP_TENANT_ID" \
  -H "Authorization: $SAFEDEP_API_KEY" \
  --json '{
    "target": {
      "package_version": {
        "package": { "ecosystem": "ECOSYSTEM_NPM", "name": "lodash" },
        "version": "4.17.21"
      }
    }
  }' \
  https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis

Python:

import os
import requests

def check_package(ecosystem: str, name: str, version: str) -> bool:
    try:
        response = requests.post(
            'https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis',
            headers={
                'Authorization': os.environ['SAFEDEP_API_KEY'],
                'X-Tenant-ID': os.environ['SAFEDEP_TENANT_ID'],
            },
            json={
                'target': {
                    'package_version': {
                        'package': {'ecosystem': ecosystem, 'name': name},
                        'version': version,
                    }
                }
            },
            timeout=10,
        )
    except requests.RequestException as exc:  # timeout, DNS failure, connection reset
        raise RuntimeError('SafeDep unavailable: block install and ask human') from exc
    # Any non-2xx status (auth failure, bad request, outage) is a failed check, not a clean one.
    if not response.ok:
        raise RuntimeError('SafeDep unavailable: block install and ask human')
    result = response.json()
    inferred = result.get('report', {}).get('inference', {}).get('isMalware')
    verified = result.get('verificationRecord', {}).get('isMalware')
    if inferred is True or verified is True:
        raise RuntimeError('Malicious package detected: do not install')
    if inferred is not False or verified is not False:
        # Partial or malformed response: unknown is not safe.
        raise RuntimeError('SafeDep response incomplete: block install and ask human')
    return True

Open Source by Default
Core SafeDep tooling is public. Teams can inspect behaviour and validate integrations independently.
Inspectable Security Decisions
Agent policy is explicit: evaluate inference and verification signals before install, fail closed on uncertainty.
Portable, Not Opaque
Use SafeDep APIs with OSS tools in your own workflows. Reproduce and verify checks independently.
Adopt Safe Defaults
For Agent Installs
Query, evaluate both signals, and fail closed when uncertain. Start free — no credit card required.
