
Malicious Package Protection for AI Coding Agents

Every open source package your agent installs is checked before execution. Malicious packages are blocked at install time.

2M+ packages scanned
100K+ components analysed
1000+ projects secured
80% threats blocked
The Threat

Agents Use Code They Can't See

AI coding agents run real install commands in your environment. They cannot distinguish a trusted package from a malicious one.

Stay Protected

A Security Check Before Execution

SafeDep's hosted MCP server provides AI agents real-time access to a malicious package database. Before any install, the agent queries SafeDep. Malware gets blocked. Clean packages proceed. Zero friction.

See It In Action

Watch SafeDep Block a Malicious Package in Real Time

See what happens when an AI agent tries to install a flagged package. SafeDep intercepts the request, checks its threat database, and blocks the install — before any code executes.

SafeDep MCP Server Demo

Before Any Dependency Enters Your Project

Prevent malicious code from entering your environment.

[ 1 ]

Add SafeDep MCP Server To Your Agent

Add the SafeDep MCP server to your AI coding tool and authenticate using your API key and tenant ID. This establishes a secure connection between your agent and SafeDep's threat intelligence.

[ 2 ]

Check Every Dependency in Real Time

Choose your MCP-compatible agent (Claude Code, Cursor, etc.) and add the SafeDep MCP server using the provided setup command.

For Claude Code:

claude mcp add safedep-threats \
  --transport http \
  --header "Authorization: YOUR_API_KEY" \
  --header "X-Tenant-ID: YOUR_TENANT_DOMAIN" \
  https://mcp.safedep.io/model-context-protocol/threats/v1/mcp
[ 3 ]

Install Dependencies, Safely

Every package your agent installs is now checked against SafeDep's threat intelligence before install — automatically blocked if malicious.

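Before handing the connection to an agent, it is worth confirming from a terminal that the API key and tenant ID actually authenticate and that the server answers. The probe below is an added example, not SafeDep's or this page's own code: it performs the MCP Streamable HTTP handshake (initialize, initialized, tools/list) against the endpoint and headers from the setup command and prints the tool names the server exposes. The environment variable names, the client name, and the assumption that the server follows the 2025-03-26 MCP transport are mine; the tool names returned are whatever SafeDep publishes, nothing here assumes them.

```python
import json
import os
import urllib.request

# Endpoint and auth headers are those of the setup command on this page.
MCP_URL = "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp"

def auth_headers(api_key, tenant):
    """Page headers plus the Content-Type/Accept pair the MCP HTTP transport requires."""
    return {"Authorization": api_key, "X-Tenant-ID": tenant,
            "Content-Type": "application/json",
            "Accept": "application/json, text/event-stream"}

def jsonrpc(method, params, req_id=None):
    """JSON-RPC 2.0 envelope; a message without an id is a notification."""
    msg = {"jsonrpc": "2.0", "method": method, "params": params}
    if req_id is not None:
        msg["id"] = req_id
    return json.dumps(msg).encode()

def parse_body(content_type, body):
    """The transport may answer with plain JSON or an SSE stream; return the first message."""
    if content_type.startswith("text/event-stream"):
        for line in body.splitlines():
            if line.startswith("data:"):
                return json.loads(line[5:].strip())
        raise ValueError("no data event in SSE response")
    return json.loads(body)

def post(url, headers, payload):
    """POST one JSON-RPC message; returns (response headers, parsed reply or None for a 202)."""
    req = urllib.request.Request(url, data=payload, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=20) as resp:
        body = resp.read().decode()
        return resp.headers, parse_body(resp.headers.get("Content-Type", ""), body) if body else None

def list_tools(api_key, tenant, url=MCP_URL):
    """Run initialize -> notifications/initialized -> tools/list; return the tool names."""
    headers = auth_headers(api_key, tenant)
    init = {"protocolVersion": "2025-03-26", "capabilities": {},
            "clientInfo": {"name": "safedep-probe", "version": "0.1"}}  # constructed client name
    resp_headers, _ = post(url, headers, jsonrpc("initialize", init, 1))
    if session := resp_headers.get("Mcp-Session-Id"):  # carry a server-assigned session, if any
        headers["Mcp-Session-Id"] = session
    post(url, headers, jsonrpc("notifications/initialized", {}))
    _, reply = post(url, headers, jsonrpc("tools/list", {}, 2))
    return [t["name"] for t in reply["result"]["tools"]]

if __name__ == "__main__":  # SAFEDEP_API_KEY / SAFEDEP_TENANT_DOMAIN are assumed variable names
    print(list_tools(os.environ["SAFEDEP_API_KEY"], os.environ["SAFEDEP_TENANT_DOMAIN"]))
```

An HTTP 401 or 403 from the first POST means the key or tenant header is wrong; an empty tool list means the agent would have nothing to call, so neither state should be left for the agent to discover at install time.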

Built for the New Reality of Open Source

SafeDep protects developers from malicious code hidden in open source packages installed every day, guarding the entry point, not just the code inside.

Real-Time Detection

We scan packages as they're published to npm, PyPI, and other registries—not 24 hours later when it's too late.

Human-Verified Intelligence

Our security researchers verify every threat. No false positive noise. When we block something, it's real.

Zero Friction

Invisible when packages are safe. You only see SafeDep when we block something dangerous.

Security That Moves With Coding Agents

SafeDep integrates directly with your AI coding agents and MCP-compatible IDEs, checking every dependency before install — without changing how you build.

Claude
Cursor
OpenAI
Windsurf
Gemini

Ship Code, Not Malware

Install SafeDep's MCP server to protect AI coding agents from malicious packages.