mitkox

Fork of https://github.com/elastic/supply-chain-monitor with local AI backend (vLLM/llama.cpp)

19
2
100% credibility
Found Apr 03, 2026 at 19 stars.
Python
AI Summary

This tool automatically watches for new releases of the most downloaded Python and JavaScript packages, compares code changes using a local AI analyzer to identify potential malicious alterations, and sends notifications to a team chat if threats are detected.

How It Works

1. 🛡️ Discover the safety watcher
   You learn about a helpful tool that keeps an eye on the most popular software packages to catch any sneaky dangerous updates.

2. 🧠 Prepare your smart reviewer
   You set up a local thinking machine that can carefully examine changes in package updates to spot anything harmful.

3. 💬 Link your team alerts
   You connect it to your group's chat space so warnings about bad updates arrive instantly where everyone can see.

4. 🚀 Launch the monitor
   You start the watcher with a simple go command, and it begins scanning the busiest packages automatically.

5. Let it run quietly
   The tool checks for fresh updates every few minutes in the background, without interrupting your day.

6. 🔔 Stay safe and alerted
   Whenever a risky change appears, you receive a clear warning with details, protecting your projects effortlessly.

AI-Generated Review

What is supply-chain-monitor-localai?

This Python tool monitors the top PyPI and npm packages for new releases, diffs each release against the prior version, and uses a local AI backend such as vLLM or llama.cpp (reached through an OpenAI-compatible API) to flag malicious changes such as obfuscated code or data exfiltration. It is a fork of https://github.com/elastic/supply-chain-monitor that addresses supply chain attacks by alerting via Slack when a threat appears in your dependency chain. Run `python monitor.py --top 15000 --interval 300 --slack` to watch both ecosystems continuously.

Why is it gaining traction?

Unlike cloud-dependent scanners, it runs a fully local backend for privacy and zero API costs, making it well suited to private or air-gapped environments. Developers download the fork for quick deployment to GitLab, Azure DevOps, or Bitbucket. The lightweight polling and detailed diff reports stand out for real-time supply chain monitoring without heavy resource use.

Who should use this?

Security engineers at startups tracking top dependencies in CI/CD pipelines. DevOps teams that mirror the repo to Azure DevOps or Bitbucket to watch vendor packages like requests or axios. Compliance officers who need local AI audits before migrating from GitHub to GitLab.

Verdict

Worth a spin for local supply chain monitoring needs: solid docs and a CLI make it developer-friendly, though 19 stars and a 1.0% credibility score signal early maturity. Fork it for custom tweaks, but pair it with broader tools until adoption grows.
