The shield between malicious packages
and your build.

Manticore runs every package in a sandbox, captures its behavioral fingerprint, and blocks the malicious ones before they reach your code.

Book a demo View on GitHub

how manticore works

Contain. Sting.
Strike.

Security for the blind spot in static analysis. Built for the most critical surfaces in developer environments.

1
Isolation
Isolated at install‑time.
Every package runs in a locked sandbox with restricted network. Analysis covers both install‑time and runtime behavior. Hidden payloads are triggered actively, not passively.
2
Analysis
Behavioral fingerprint.
File reads, outbound connections, process launches. Behavior is recorded live. Works on obfuscated code.
3
Signal
Threat intelligence feed.
Each analysis produces a machine-readable report: detected anomalies, C2 addresses, executed commands.
4
Integration
Developer integration.
One command in your CI/CD pipeline or terminal. PR comment, SARIF report, or automatic pipeline block on threshold.

trust & supply chain

Open source.
Signed releases.

The CLI source is public and MIT-licensed. The GitHub Action pulls the release binary, verifies its SHA-256 checksum and digital signature, then runs manticore scan as part of your CI/CD pipeline.

Verifiable releases
Every binary is SHA-256 checksummed and digitally signed. The Action verifies both before execution.
Versioned and pinned
Releases are tagged and pinned. Reproducible builds, auditable supply chain, no moving targets.

Manticore Security Scan Results

35 packages scanned · 1 suspicious · highest severity CRITICAL

ts-gaussian 3.0.5

Score 100 / 100 · Severity Critical

● 1 Critical · ● 3 High findings

● Critical · Credential Exfiltration

Sensitive credential or file access combined with unknown network activity.

● High · Sensitive Env Access

GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID

● High · Sensitive File Access

~/.ssh/id_rsa (read), ~/.aws/credentials (read)

● High · Unknown Network

169.254.169.254:80/tcp

Behavior

File Access Outbound Network Credential Read Process Spawn

in the wild

What we're seeing right now.

Recent successful attacks rely on exploiting established trust. Malicious updates ship from compromised maintainer accounts. The packages themselves are familiar, heavily downloaded, and arrive through ordinary release paths.

New threats: +20,000
Targeted: 31%
Ranking: #1

Principle

"Manticore was built because, as cyber security experts, we kept running into this problem in real working environments too."

threat intelligence feed

From the team.

View all

No posts yet

Field notes from the team will appear here.

Visit Intelligence

behavioral intelligence

Behavioral intelligence is no longer nice‑to‑have.

In today's supply chain landscape, it's a must. Book a 30‑minute demo and we'll walk you through how Manticore works.

Book a demo View on GitHub

The shield between malicious packagesand your build.

Contain. Sting.Strike.

Isolated at install‑time.

Behavioral fingerprint.

Threat intelligence feed.

Developer integration.

Open source.Signed releases.

Verifiable releases

Versioned and pinned