sandtrap v0.1.8
Behavioral supply chain scanner for npm and PyPI. Sandtrap downloads each
dependency and inspects what the code actually does — install hooks,
obfuscation, exfiltration primitives, credential-store access — instead of
matching known-bad lists, which are blind to hijacked releases of legitimate
packages (the axios, Trivy and Shai-Hulud worm cases).
Calibrated against ~2,500 packages from real production lockfiles across three
codebases. Zero external dependencies: pure Go standard library.
Install
go install github.com/JAugusto42/sandtrap/cmd/sandtrap@latest
# or download a prebuilt binary below (linux/darwin/windows · amd64/arm64)Quick start
sandtrap scan . # scan a project's lockfiles
sandtrap check npm axios@1.12.0 # vet a single package
sandtrap scan --write-baseline . # accept reviewed findings
sandtrap scan --fail-on high --format sarif --output sandtrap.sarif .Highlights since first release
- Detection engine — five behavioral rules (install-scripts, obfuscation,
exfiltration, credential-access, fresh-publish) with per-rule score
aggregation and severity tiers. - Precision — engineered against real false-positive classes: compiler
output (dart2js banners, minified bundles, inline sourcemaps/data-URIs),
decode-without-execute data tables, npm aliases, documentation IPs and test
fixtures. Popular benign packages scan clean. - Lockfiles — package-lock.json (v1/v2/v3), yarn.lock (classic + berry,
including npm: aliases), requirements.txt. - Baseline workflow (
.sandtrap.json) — accept known behavior once; CI
then fails only on NEW behavior, the signature of a hijacked release.
Entries pin exact versions so upgrades force re-review. - Output — human terminal, structured JSON report (with a rule catalog
carrying remediation), and SARIF 2.1.0 for