Logo of PackageFix

PackageFix

Paste your manifest. Download the fix. No CLI, no signup.

Visit website

PackageFix is a free browser-based dependency security fixer. Paste your manifest file and get back a fixed version with every vulnerable package patched.

Supports 7 ecosystems: npm, PyPI, Ruby, PHP, Go, Rust, and Java/Maven.

Beyond CVE scanning — also detects:
- Glassworm/Unicode injection in manifest scripts
- Typosquatting (one char off a popular package)
- Zombie packages (unmaintained but widely used)
- Suspicious maintainer activity
- Build script danger (curl/wget in postinstall)
- Unpinned version warnings

Uses the OSV vulnerability database (updated daily) and CISA KEV catalog. Everything runs client-side - nothing leaves your browser.

MIT licensed, open source.
github.com/metriclogic26/packagefix

About PackageFix

PackageFix is a development product listed on Uneed, available for free. It's tagged with Open Source, Development. See the best Open Source products for related options.

Frequently asked questions about PackageFix

What is PackageFix?

PackageFix is paste your manifest. Download the fix. No CLI, no signup.

Is PackageFix free?

Yes, PackageFix is free to use.

What are alternatives to PackageFix?

Discover similar open source, development, security products in the Uneed directory.

What category does PackageFix belong to?

PackageFix is listed under Development on Uneed.