Secure Your Developer Environment in 60 Seconds or Less with Open Source DepsGuard

Atlanta, GA -- April 14, 2026 -- Arnica, the platform for governing and securing the AI code development lifecycle, released DepsGuard, a free, open-source command-line tool that scans and fixes package manager configurations to protect software teams against supply chain attacks. DepsGuard is designed for everyone from seasoned developers to vibe coders who simply want to be protected from the next attack.
DepsGuard was built in direct response to the March 31, 2026 axios compromise, in which a hijacked maintainer account published malicious versions of one of npm's most popular packages. The poisoned versions were live for approximately three hours before removal. Any team that ran npm install during that window without protective configuration could have pulled in the compromised code.
The fix is simpler than most teams realize. Modern package managers already ship with defenses against this type of attack, including minimum release age settings that refuse to install packages published less than a configurable number of days ago. A seven-day delay would have prevented every major npm supply chain attack on record. These protections exist; they are just not turned on by default.
DepsGuard closes that gap in 60 seconds or less. Copy, paste, and press enter. The tool checks whether protective settings are enabled across npm, pnpm, yarn, bun, and uv, and provides an interactive interface to turn them on. It also checks Renovate and Dependabot configurations for appropriate cooldown periods, previews all changes as diffs before writing anything, creates time-stamped backups, and offers one-command rollback.
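To make the minimum-release-age mechanism concrete, here is an added example (not DepsGuard's code, and not an implementation of any package manager's own resolver) that applies a release-age cutoff to a constructed registry document in the shape of npm's per-version `time` field, so that a version published hours ago is held back while an older, settled version resolves instead:

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the "time" field of an npm registry
# document (ISO-8601 publish timestamp per version). Package, versions and
# dates are invented; "1.2.3" plays the role of a version pushed by a hijacked
# account and still live at the moment the install runs.
SAMPLE_TIME = {
    "created": "2024-01-10T12:00:00.000Z",
    "modified": "2026-03-31T09:05:00.000Z",
    "1.2.0": "2026-01-05T10:00:00.000Z",
    "1.2.1": "2026-02-20T08:30:00.000Z",
    "1.2.2": "2026-03-30T23:00:00.000Z",
    "1.2.3": "2026-03-31T09:05:00.000Z",
}

def parse_version(v):
    # Numeric ordering of "MAJOR.MINOR.PATCH"; a prerelease suffix is ignored.
    return tuple(int(p) for p in v.split("-", 1)[0].split("."))

def published_at(ts):
    # Registry timestamps end in "Z"; normalise to an aware UTC datetime.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def split_by_age(time_field, now, min_age_days):
    """Return (eligible, held_back): versions at least min_age_days old vs. newer."""
    cutoff = now - timedelta(days=min_age_days)
    eligible, held_back = [], []
    for version, ts in time_field.items():
        if version in ("created", "modified"):  # bookkeeping keys, not versions
            continue
        (eligible if published_at(ts) <= cutoff else held_back).append(version)
    return sorted(eligible, key=parse_version), sorted(held_back, key=parse_version)

def resolve_latest(time_field, now, min_age_days):
    """Highest version that satisfies the release-age gate, or None."""
    eligible, _ = split_by_age(time_field, now, min_age_days)
    return eligible[-1] if eligible else None

if __name__ == "__main__":
    # Install moment: one hour after the malicious version went live.
    now = datetime(2026, 3, 31, 10, 0, tzinfo=timezone.utc)
    for days in (0, 7):
        picked = resolve_latest(SAMPLE_TIME, now, days)
        _, held = split_by_age(SAMPLE_TIME, now, days)
        print(f"min age {days}d -> install {picked}, held back {held}")
```

With a zero-day gate the fresh 1.2.3 is selected; with a seven-day gate both of the last two releases are held back and 1.2.1 resolves, which is the behaviour the cooldown settings described above provide.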

DepsGuard is built for anyone who writes or ships code, whether they want to adopt it on their own or are required to do so by their security team. Individual developers can self-install it for proactive protection. AppSec teams can mandate it organization-wide to enforce consistent package manager hardening across every project and developer.
The tool is especially useful for the growing population of vibe coders: developers building with AI agents who may not be familiar with package manager internals. Think of it like QR codes before they were built into every smartphone. The technology existed, but adoption was nearly zero until the friction disappeared. DepsGuard removes the friction.
DepsGuard is written in Rust, has zero dependencies, and runs on macOS, Linux, and Windows. It is available under the MIT license.
"Package managers have gotten much better at offering built-in protections, but discoverability is still a problem," said Eran Medan, co-founder and CTO of Arnica. "Most developers don't know these settings exist. DepsGuard closes that gap with a single command, whether you're a seasoned security engineer or just starting to build with AI tools."
DepsGuard is available now at https://depsguard.com and https://github.com/arnica/depsguard.
About Arnica
Arnica (https://arnica.io) is the platform for governing and securing the AI development lifecycle that integrates directly with source code management systems. Providing 100% coverage and adoption through pipelineless agentic and developer-native security, agentic rules enforcement, ASPM, hybrid SAST, SCA, secrets detection, container image mapping, and infrastructure-as-code scanning, Arnica seeks to increase development velocity securely.
Media Contact:
Nicolia L. Wiles
PRIME|PR
nwiles@prime-techpr.com