perplexityai/bumblebee

Secrets & Credentials

A read‑only inventory collector that turns on‑disk package, extension, and developer‑tool metadata from macOS/Linux endpoints into structured NDJSON for rapid supply‑chain exposure checks.

Track releases GitHub

Go Latest v0.1.1 · 12d ago Security brief →

Features

Collects metadata from lockfiles, package managers, extensions, and MCP configs without executing any commands
Three scan profiles (`baseline`, `project`, `deep`) to suit different cadences and scopes
Emits NDJSON component records that can be matched against an exposure catalog for fast incident response

Recent releases

View all 1 releases →

No releases yet

We'll surface new releases as they're published — check back soon.

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per week

May 22

May 29

Cadence 0.1 / wk

Last release 12d

Tracked 1

Security

Full profile →

Security score 6.5/10

OpenSSF —

Open CVEs 0

SECURITY.md Active maintainer

Community

GitHub stars 4,060

Forks 349

Open issues 28

Open PRs 16

Stars/wk velocity 0.0

About

Stars

4,060

Forks

349

Language

Go

Downloads/week

231

NPM Maintainers

1 Single npm maintainer

Contributors

1

View on GitHub View on npm

Install & Platforms

Install via

go

Platforms

linux macos

Similar tools

goklab/guardvibe

About

Stars

4,060

Forks

349

Language

Go

Downloads/week

231

NPM Maintainers

1 Single npm maintainer

Contributors

1

View on GitHub View on npm

Install & Platforms

Install via

go

Platforms

linux macos

Similar tools

goklab/guardvibe

Beta — feedback welcome: [email protected]