One pip install puts the XYZ decision brain in your shell and your pipeline.
It enrolls the machine, gates every npm install and
pip install through the proxy, and fails the build on anything malicious,
across Java, JavaScript (npm), Python, Go and .NET (NuGet).
fig. 01 · xyz audit (real terminal output)
xyz binary. Published on PyPI as cyberxyz-scanner. The command it installs is xyz. Runs on macOS, Linux and Windows.
npm install / pip install through the XYZ proxy. Browser-based login, stores a session in ~/.xyz/config.json. Re-run when it expires, or use an API key for CI.
One command registers the machine, points npm, pip and NuGet at the safety proxy, and installs the daemon.
Every install now flows through the proxy. Malicious packages never hit your disk. Run xyz audit any time.
Point xyz audit at a project and it reads the right lockfile automatically. One decision brain scores them all.
Drop the gate into GitHub Actions, GitLab CI, CircleCI or Jenkins. It reads your lockfiles, calls the brain, and exits non-zero on anything that should never ship.
One step gates every PR and push. No platform rewrite.
package-lock.json, requirements.txt, go.sum, pom.xml.
0/1/2/3 for clean / block / quarantine / alert. Skips Dependabot PRs.
GitHub Actions, GitLab CI, Azure DevOps, CircleCI, Jenkins.
See the CLI, the proxy and the dashboard in a 15-minute walkthrough. We'll wire the gate into your CI in under an hour.