NpmGuard

What's NpmGuard?

NpmGuard is an autonomous security platform that safeguards developers from malicious npm packages by automatically auditing new versions upon publication. The multi-step AI pipeline includes structural inventory analysis, LLM-powered risk scoring using Gemini 2.5 Flash, agentic investigation for suspicious code patterns, and sandboxed exploit testing in Docker containers. Audit verdicts, risk scores, and detailed reports are published immutably on-chain via ENS subnames on the Sepolia testnet (e.g., axios.npmguard.eth) with reports stored on IPFS through Pinata. Monitored packages receive free audits every five minutes triggered by Chainlink CRE cron jobs. On-demand audits for other packages can be initiated via the npmguard-cli tool, requiring a nominal fee of 0.01 0G on the 0G Galileo testnet, payable with a private key or WalletConnect QR code. A React-based dashboard provides real-time audit progress via Server-Sent Events, enabling developers to query ENS for package safety before installation.

Snapshot

NpmGuard is a top 10 finalist at ETHGlobal Cannes hackathon as of April 5, 2026.
