How Levering works

Two systems that meet in the middle.

We scan the world’s open-source supply chain on one side, and give you a clean inventory of your own on the other. The value is where they join.

  1. 01

    We watch the registries, not your endpoints

    A separate Levering service continuously pulls new and updated releases from the open-source marketplaces attackers actually use — npm, PyPI, Hugging Face, the Chrome Web Store, the VS Code Marketplace, PowerShell Gallery. Publish something malicious to any of them and it enters our queue within minutes.

  2. 02

    Every artifact is read and detonated

    Each release goes through two independent passes: an AI static-analysis read of the actual code, and a dynamic run inside an isolated sandbox. We record what it really does — files touched, processes spawned, hosts contacted, credentials read.

  3. 03

    Behavior is judged against stated intent

    The tell for supply-chain malware is the gap between what a package claims to do and what it does. A “terminal color helper” that reads ~/.aws/credentials and beacons out isn’t a color helper. We score that gap and assign a verdict: malicious, suspicious, or clean.

  4. 04

    You inventory your own fleet, agentlessly

    One auditable shell script reads the specific locations where packages, models, and extensions live — no disk crawl, no kernel agent. It reports names and versions (never file contents or secrets) to your private inventory, keyed by a token you mint.

  5. 05

    Your inventory is married to our intelligence

    Server-side, every artifact you have is joined against our threat intel. Anything malicious is pulled to the top of your inventory, per device and per user — so you know not just that a threat exists, but exactly where it is.

On the roadmap · v2

Stop the install before it lands.

Inventory tells you what’s already there. Next, Levering inspects install-time network traffic and blocks a known-malicious package from ever reaching the device — turning visibility into prevention.

Ready to see your own fleet?

Scan my fleet →