Pinperepette / SENT

Real-time supply chain threat detection for package ecosystems. Monitors PyPI and npm release streams, prioritizes packages by cascade impact across the dependency graph, and performs AST-based behavioral diff analysis to catch malicious updates, including stealth modifications to existing code, before they spread.

Found Mar 26, 2026 at 19 stars.
Language: Python
AI Summary

SENT monitors package update streams from PyPI, npm, and WordPress plugins in real time, prioritizes high-impact packages by their dependency cascade, analyzes code changes for malicious behavior, and sends alerts.

How It Works

1. 🔍 Discover SENT

You hear about SENT, a helpful watchdog that checks new software updates for sneaky dangers before they harm your projects.

2. 📦 Set it up simply

With one easy click using a ready-made box, you install SENT on your computer—no complicated steps needed.

3. 🗺️ Map important packages

You prepare SENT by pointing it to the most popular software pieces that many projects rely on, so it knows what matters most.

4. 🚀 Start live watching

You flip the switch to begin real-time monitoring, and SENT quietly scans thousands of updates every hour, focusing on the risky ones.

5. 🔔 Spot dangers instantly

When a suspicious update appears in a key package, SENT lights up with a clear alert, explaining exactly what's wrong.

6. 🔎 Dig deeper if needed

For any package you're curious about, you ask SENT to examine it closely and get a full report on changes.

🛡️ Stay protected

Now your projects are shielded from hidden threats in updates, giving you peace of mind as you build and run your software safely.

AI-Generated Review

What is SENT?

SENT delivers real-time supply chain monitoring for PyPI, npm, and WordPress plugins, scanning thousands of hourly releases and detecting malicious updates through behavioral diffs of the modified code. It prioritizes packages by cascade impact, focusing on the 2% of packages that carry 90% of the risk (a compromised urllib3, for example, would affect half the internet), and catches stealth changes such as URL redirects or environment-variable exfiltration. Built in Python with a simple Docker/CLI setup, it provides real-time supply chain dashboards for the top risky packages, metrics, and alerts via Slack, webhook, or desktop notification.

Why is it gaining traction?

Unlike reactive scanners that only catch attacks after mass installs, SENT polls release feeds every 30 s for real-time detection, uses dependency graphs for smart prioritization, and runs AST diffs to flag anomalies against each package's baseline, which cuts false positives. Features like on-demand analysis (`sent analyze requests`), SBOM import for your own dependencies, and optional dyana sandboxing for runtime checks make it a lightweight real-time supply chain dashboard. Developers like the tunable alerts (score thresholds from 30 to 1000) and the JSON logs for integration.

Who should use this?

Security engineers at scale-ups watching PyPI/npm for early warnings, DevOps teams gating CI/CD on high-impact updates, and researchers dissecting suspicious diffs. Ideal for orgs with custom requirements.txt/package.json needing real-time supply chain visibility on their transitive deps.

Verdict

Worth spinning up via Docker for real-time supply chain management: excellent docs and a CLI make it instantly usable despite 19 stars and a 1.0% credibility score. Its early maturity means you should pair it with manual review, but it's a solid prototype for proactive threat hunting.
