Stop shipping
your AI assistant's
secrets.
A Lakera audit of 46,500 npm packages found 428 containing .claude/settings.local.json. 33 had live API keys. PackGuard intercepts the tarball before it ships.
$ npx packguard scan────────────────────────────────────────────────────────FILE STATUS REASON────────────────────────────────────────────────────────.claude/settings.local.json BLOCKED ai_artifact:.claude.cursor/mcp.json BLOCKED ai_artifact:.cursordist/index.js.map WARNING source_map_with_sourcesdist/index.js CLEANREADME.md CLEAN────────────────────────────────────────────────────────✗ Publish blocked. Fix the issues above.
How it works
Install the hook
One command wires packguard into your prepublishOnly script. Runs automatically on every publish.
packguard installnpm publish fires
The hook opens the about-to-ship tarball and inspects every file before it leaves your machine.
npm publishBlock or pass
AI config artifacts, embedded source maps, and high-entropy secrets get caught. Everything else ships.
exit 1 # blockedWhat gets blocked
Every major AI coding assistant writes state files you never explicitly created. These are exact-match signatures — no heuristics, no false positives.
On top of that: source maps with embedded source and high-entropy strings matching known secret formats (Anthropic, GitHub, AWS, OpenAI, Stripe).
Try it now
Paste any file list and see exactly what packguard would block. Same logic as the CLI, running serverless.
# or run it directly on your package:
npx packguard scan
# wire it permanently:
npx packguard install
Why not use what you already have
prepublishOnly — the exact moment before the tarball ships. AI-artifact signatures built in. Free for solo OSS, no account needed.Questions
Does this send my code anywhere?
No. The CLI runs entirely on your machine. Nothing leaves your system unless you opt into the Pro audit log, which only sends scan metadata — never file contents.
Which AI tools does it cover?
Claude Code (.claude/), Cursor (.cursor/), Codex (.codex/), Windsurf (.windsurf/), Copilot (.copilot/), and Aider (.aider/). New tools get added as they emerge.
Does it work with PyPI or cargo?
The CLI is designed for it. npm support ships in v1. PyPI and cargo hooks are planned next.
What's the false-positive rate?
AI artifact detection is exact-match against known paths — zero false positives there. The entropy scanner can flag base64 in legitimate config; add a .packguardignore to suppress specific files.
Start right now. Free.
No account, no install. One command checks your entire package tarball.
Pro is in early access.
Org audit log, CI token, team controls — ₹799/mo when it ships. Leave your email and I'll reach out when it's ready.