Binary supply-chain security

See inside the compiled code your tools ignore.

Every npm install ships native binaries that no scanner checks. BinShield decompiles them, classifies their behavior with AI, and blocks threats before they reach production.

Live API connected5 packages surfaced, 11 binaries tracked

$binshield scan bcrypt@6.0.0

MEDIUM (52)

10 native binaries detected. Crypto operations, filesystem access, and process spawning identified.

10 binaries52 risk scoreAI classified

Compiled code visibilityBinary-first

Inspect native package artifacts, not just manifests.

Version diffsDrift-aware

Track behavior changes between package releases.

CI policy enforcementAction-ready

Reuse the same scan contract in GitHub Actions.

Canvas binding with font file access, rasterization helpers, and native rendering support.

2 binaries • high confidence • latest 2.11.2

SQLite native binding with filesystem access to database files and stricter extension gating.

1 binaries • high confidence • latest 5.1.7

Argon2 binding with expected entropy access and memory-hard hashing primitives.

1 binaries • high confidence • latest 0.41.1

Standard bcrypt native addon with expected entropy access and no suspicious network activity.

1 binaries • high confidence • latest 5.1.1

Launch surfaces

Built for product discovery and team adoption

DashboardRepository coverage, risk posture, and scan history.WatchlistsTrack package versions and receive email alerts.BillingPlan usage, invoices, and customer portal handoff.SettingsAPI keys, org profile, and audit trail.

How it works

Data flow

Discover native binaries in npm package tarballs.
Decompile and classify behavior through queued workers.
Store immutable package results and surface them in the app.
Use the same API in CI, dashboard, and future integrations.

See inside the compiled code your tools ignore.

Featured analyses

canvas

sqlite3

argon2

bcrypt

Launch surfaces

How it works