Pipguard – pre-install malware scanner for Python supply-chain attacks
SMRTR summary
pipguard is a local-only Python CLI tool that scans Python packages for supply-chain malware before they are installed. Created in response to incidents such as the LiteLLM compromise, it looks for .pth files that execute code at interpreter startup, credential harvesting, obfuscated payloads, and code that runs at import time. The tool provides commands to scan a package, install it only after the scan passes, audit an existing environment, and run commands with a reduced blast radius.
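The indicators listed in the summary can be checked statically on a wheel before anything is installed. The following is an added example written for this page, not pipguard's own code: it opens a wheel archive in memory, flags .pth files that site.py would exec() at interpreter start, and walks only the import-time parts of each module's AST (function and lambda bodies are skipped) for exec/eval, decode-then-exec payloads and credential or environment reads. The sample wheel, the package name evilpkg, the heuristic lists and all finding strings are constructed for the example.

```python
"""Static pre-install scan of a wheel: executable .pth files, import-time
exec/eval, decode-then-exec payloads, credential reads at import time."""
import ast
import io
import zipfile

# Heuristic lists assumed for this example; a real scanner would be broader.
SUSPECT_CALLS = {"exec", "eval", "compile", "__import__"}
DECODE_CALLS = {"base64.b64decode", "base64.b85decode", "zlib.decompress", "marshal.loads"}
ENV_READS = {"os.getenv", "os.environ.get"}
NETWORK_MODULES = {"socket", "urllib.request", "http.client", "requests"}
CREDENTIAL_HINTS = ("AWS_SECRET", "AWS_ACCESS", "GITHUB_TOKEN", "PYPI_TOKEN",
                    ".aws/credentials", ".ssh/", ".netrc")


def pth_executes_code(text: str) -> bool:
    # Mirrors site.py: a line starting with "import " or "import\t" is exec()'d
    # on every interpreter start; any other line is only a sys.path entry.
    return any(line.startswith(("import ", "import\t")) for line in text.splitlines())


def _dotted(node: ast.AST):
    # "os.environ.get" for an Attribute chain rooted in a Name, else None.
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def import_time_nodes(tree: ast.Module):
    # Yield only nodes that run when the module is imported: skip function
    # and lambda bodies (decorators and default values still run at import).
    stack = list(tree.body)
    while stack:
        node = stack.pop()
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            stack.extend(node.decorator_list)
            stack.extend(d for d in node.args.defaults + node.args.kw_defaults if d is not None)
            continue
        if isinstance(node, ast.Lambda):
            continue
        yield node
        stack.extend(ast.iter_child_nodes(node))


def module_findings(source: str, name: str) -> list[str]:
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return [f"{name}: source does not parse (inspect manually)"]
    findings, imported = [], set()
    for node in import_time_nodes(tree):
        if isinstance(node, ast.Import):
            imported.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imported.add(node.module)
        elif isinstance(node, ast.Call):
            callee = _dotted(node.func)
            if callee in SUSPECT_CALLS:
                findings.append(f"{name}: import-time {callee}() call")
            elif callee in DECODE_CALLS:
                findings.append(f"{name}: import-time {callee}() (possible obfuscated payload)")
            elif callee in ENV_READS:
                findings.append(f"{name}: import-time environment read")
        elif isinstance(node, ast.Subscript) and _dotted(node.value) == "os.environ":
            findings.append(f"{name}: import-time environment read")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(hint in node.value for hint in CREDENTIAL_HINTS):
                findings.append(f"{name}: references credential {node.value!r}")
    # Credential access plus a network import in the same import-time path is
    # the harvesting shape the summary describes; report it as one finding.
    if imported & NETWORK_MODULES and any("environment read" in f or "credential" in f for f in findings):
        findings.append(f"{name}: credential access plus network import at import time (exfiltration pattern)")
    return findings


def scan_wheel(wheel_bytes: bytes) -> dict[str, list[str]]:
    report = {}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for name in zf.namelist():
            text = zf.read(name).decode("utf-8", errors="replace")
            if name.endswith(".pth") and pth_executes_code(text):
                report[name] = [f"{name}: executable .pth, runs at every interpreter start"]
            elif name.endswith(".py"):
                found = module_findings(text, name)
                if found:
                    report[name] = found
    return report


def build_sample_wheel() -> bytes:
    # Constructed in memory for this example; not a real package.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("evilpkg/__init__.py",
                    "import os, base64, urllib.request\n"
                    "_key = os.environ.get('AWS_SECRET_ACCESS_KEY')\n"
                    "exec(base64.b64decode('cHJpbnQoMSk='))\n")
        # Environment read inside a function body: not import-time, so not flagged.
        zf.writestr("evilpkg/helper.py",
                    "import os\n\ndef token():\n    return os.environ.get('GITHUB_TOKEN')\n")
        zf.writestr("evilpkg_hook.pth", "import evilpkg\n")       # exec()'d at startup
        zf.writestr("extra_paths.pth", "../vendor/extra-libs\n")   # plain sys.path entry
        zf.writestr("evilpkg-0.1.dist-info/METADATA", "Name: evilpkg\nVersion: 0.1\n")
    return buf.getvalue()


if __name__ == "__main__":
    for issues in scan_wheel(build_sample_wheel()).values():
        for issue in issues:
            print(issue)
```

The walk deliberately ignores function bodies, so helper.py, which reads GITHUB_TOKEN only when token() is called, produces no finding; that is the limit of a static pre-install scan and the reason an environment audit or a reduced-blast-radius runner is still needed for code that misbehaves only at call time.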
SMRTR provides this summary for quick context. The original article belongs to Hacker News.