Usage

After running bouncer enable, every package install is automatically screened across npm, npx, yarn, pnpm, bun, pip, pip3, pipx, uv, and poetry. See package managers for details. You can always bypass Bouncer for a single command by prefixing it with the shell builtin command (for example, command npm install), or turn it off entirely by running bouncer disable.

Threat levels

ALLOW

No obvious signs of malicious behavior. The install proceeds normally.

WARN

Suspicious signals. Bouncer shows what it found and lets you decide.

BLOCK

Confirmed threat. Bouncer stops the command.

Important: An "allow" result does not mean a package is safe, trustworthy, or free of bugs. It means Bouncer did not find obvious signs that the package is malicious. You should still exercise judgment, especially with unfamiliar packages or packages with very few downloads.

Interactive mode (default)

In a terminal, Bouncer shows scan results and prompts you on warnings.

Warning: prompts you

$ pip install reqeusts
🟡 pip install reqeusts intercepted by Bouncer
Possible typosquat of "requests"
Published 2 days ago, 0 downloads
1) Abort (recommended)
2) View audit on bouncer.sh
3) Proceed anyway

Block: stops the command

$ npm install evil-utils
🔴 npm install evil-utils intercepted by Bouncer
Discord webhook exfiltration in postinstall.js
Confidence: HIGH

Script mode

Bouncer detects when it's running inside a script or CI pipeline. In script mode, warnings are silenced for compatibility. Blocks still hard-fail with a non-zero exit code.

Your existing shell scripts, CI pipelines, and Dockerfiles work normally with no changes.

Paranoid mode

If you want warnings to block in script mode too (recommended for CI):

$ bouncer config set paranoid true