Arnica Unveils Free DepsGuard Tool to Stop Supply Chain Attacks in Under 60 Seconds
Built for vibe coders and developers alike, DepsGuard hardens package manager settings against supply chain attacks with a single command, no expertise required
ATLANTA, GA, UNITED STATES, April 21, 2026 /EINPresswire.com/ -- Arnica, the platform for governing and securing the AI code development lifecycle, today released DepsGuard, a free, open-source command-line tool that scans and fixes package manager configurations to protect software teams against supply chain attacks.

DepsGuard was built in direct response to the March 31, 2026 axios compromise, in which a hijacked maintainer account published malicious versions of one of npm’s most popular packages (101,417,097 weekly downloads). The poisoned versions were live for approximately three hours before removal. Any team that ran npm install during that window without protective configuration could have pulled in the compromised code.
Most modern package managers already ship with defenses against this type of attack, including minimum release age settings that refuse to install packages published less than a configurable number of days ago.
However, these settings are typically disabled by default. DepsGuard checks whether they are enabled and provides an interactive interface to turn them on.
The tool supports npm, pnpm, yarn, bun, and uv, and also checks Renovate and Dependabot configurations for appropriate cooldown periods. It previews all changes as diffs before writing anything, creates timestamped backups, and offers one-command rollback.
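To make the minimum-release-age idea concrete, here is an added example (not DepsGuard's code) that applies a cooldown to an npm packument's `time` map, the registry metadata that records when each version was published, and that reads the setting from `.npmrc` text. The sample versions, dates and install time are constructed; the `.npmrc` key is assumed here to be npm's `min-release-age`, so check the key name for your package manager and version.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the `time` map of an npm packument (registry metadata
# maps each version to its publish timestamp). Versions and dates are invented.
SAMPLE_TIME = {
    "created": "2014-08-29T00:00:00.000Z",
    "modified": "2026-03-31T11:55:00.000Z",
    "1.13.3": "2026-01-10T09:00:00.000Z",
    "1.13.4": "2026-03-01T09:00:00.000Z",
    "1.14.0": "2026-03-31T11:55:00.000Z",  # pushed about two hours before NOW
}
NOW = datetime(2026, 3, 31, 14, 0, tzinfo=timezone.utc)  # constructed install time

def parse_npm_time(ts: str) -> datetime:
    """Registry timestamps end in Z; fromisoformat wants an explicit offset."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def semver_key(version: str) -> tuple:
    """Sort key for plain x.y.z versions (pre-release tags are out of scope here)."""
    return tuple(int(part) for part in version.split("."))

def split_by_release_age(time_map: dict, now: datetime, min_age_days: int):
    """Return (eligible, quarantined): versions older than the cooldown vs newer ones."""
    cutoff = now - timedelta(days=min_age_days)
    eligible, quarantined = [], []
    for version, ts in time_map.items():
        if version in ("created", "modified"):  # bookkeeping keys, not versions
            continue
        (eligible if parse_npm_time(ts) <= cutoff else quarantined).append(version)
    return sorted(eligible, key=semver_key), sorted(quarantined, key=semver_key)

def resolve_latest(time_map: dict, now: datetime, min_age_days: int):
    """Newest version that has aged past the cooldown, or None if none qualifies."""
    eligible, _ = split_by_release_age(time_map, now, min_age_days)
    return eligible[-1] if eligible else None

def npmrc_min_release_age(npmrc_text: str):
    """Read the cooldown from .npmrc text; None means the protection is not set.

    Assumed key name: npm's `min-release-age` (verify against your npm version).
    """
    for line in npmrc_text.splitlines():
        line = line.strip()
        if line and not line.startswith((";", "#")) and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "min-release-age":
                return int(value.strip())
    return None
```

With no cooldown the two-hour-old 1.14.0 is selected; with a seven-day cooldown resolution falls back to 1.13.4, which is the window the axios incident would have needed.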
DepsGuard is built for anyone who writes or ships code, whether they want to adopt it on their own or are required to do so by their security team. Individual developers can self-install it for proactive protection. AppSec teams can mandate it organization-wide to enforce consistent package manager hardening across every project and developer.
The tool is especially useful for the growing population of vibe coders, developers building with AI agents who may not be familiar with package manager internals.
DepsGuard is written in Rust, has zero runtime dependencies, and runs on macOS, Linux, and Windows. It is available under the MIT license.
“Package managers have gotten much better at offering built-in protections, but discoverability is still a problem,” said Eran Medan, co-founder and CTO of Arnica. “Many developers don’t know these settings exist. DepsGuard closes that gap with a single command.”
DepsGuard is available now at https://depsguard.com and https://github.com/arnica/depsguard.
About Arnica
Arnica (https://arnica.io) is the platform for governing and securing the AI code development lifecycle that integrates directly with source code management systems to provide pipelineless agentic and developer-native security through agentic rules enforcement, hybrid SAST (static and AI powered), SCA, secrets detection, container scanning, infrastructure-as-code risk detection, and an all-in-one ASPM solution.
Nicolia Wiles
PRIME|PR
+1 512-698-7373