@phantomdep/cli
v0.1.0
Published
PhantomDep CLI — install-guard and lockfile scanner
Downloads
161
Maintainers
Readme
@phantomdep/cli
The PhantomDep install-guard and lockfile scanner — verify dependency names before they are installed, at the execution boundary. Part of PhantomDep, a privacy-first, zero-infra guard against slopsquatting (AI-hallucinated dependency) attacks.
Install
npm install -g @phantomdep/cliUsage
# Guard an install: blocks phantom packages, warns on suspicious, then delegates
# to the real package manager (npm / pip, auto-detected from project files).
phantomdep install express
phantomdep install some-pkg --ecosystem pypi
phantomdep install risky-pkg --force # override warnings; never unblocks phantom
# Scan a lockfile's full dependency tree (nested deps included). For pre-commit / CI.
phantomdep scan # auto-detects package-lock.json / requirements.txt
phantomdep scan path/to/lockfileThe check always runs before the real install command — because with lifecycle hooks,
npm install / pip install is the attack.
Exit codes
0— clean1— phantom dependency found (blocked)2— suspicious dependency found (warning only)
Privacy
Fully local. The only network calls are anonymous lookups of package names to the public npm / PyPI registries. No account, no telemetry, no backend.
License
MIT © Farhan Raditya Aji
