{"id":27856,"library":"guarddog","title":"GuardDog","description":"GuardDog is a CLI tool for identifying malicious open source packages, supporting PyPI, npm, and other ecosystems. Current version is 2.10.0, released June 2025. The project is actively maintained by DataDog with frequent releases.","status":"active","version":"2.10.0","language":"python","source_language":"en","source_url":"https://github.com/DataDog/guarddog","tags":["security","malware","supply-chain","cli"],"install":[{"cmd":"pip install guarddog","lang":"bash","label":"pip"}],"dependencies":[{"reason":"Used for some scanning rules; must be installed separately for full functionality.","package":"semgrep","optional":true}],"imports":[{"note":"GuardDog is the main scanner class.","symbol":"GuardDog","correct":"from guarddog import GuardDog"},{"note":"Scanner is a utility class, not in the top-level package.","wrong":"from guarddog import Scanner","symbol":"Scanner","correct":"from guarddog.scanner import Scanner"}],"quickstart":{"code":"from guarddog import GuardDog\nfrom guarddog.scanner import Scanner\n\ngd = GuardDog()\n# Scan a package by name and ecosystem\nresults = gd.scan_package(\"requests\", ecosystem=\"pypi\")\nprint(results)\n\n# Or use Scanner for local directories\nscanner = Scanner()\nlocal_results = scanner.scan_directory(\"./package\")\nprint(local_results)","lang":"python","description":"Quickstart: scan a known PyPI package or local directory for malicious indicators."},"warnings":[{"fix":"Review each finding before suppressing it; use --exclude-rule only for a rule you have confirmed is producing a false positive, because excluding a rule also hides its genuine detections.","message":"In v2.7.0, the code execution rule was extended to init files, which may cause false positives for packages with code in __init__.py.","severity":"breaking","affected_versions":">=2.7.0"},{"fix":"Use `--ecosystem pypi` instead of `--scan-type pypi`.","message":"The CLI option `--scan-type` has been replaced by `--ecosystem` in v2.4.0.","severity":"deprecated","affected_versions":">=2.4.0"},{"fix":"Install semgrep separately: `pip install semgrep`.","message":"GuardDog requires semgrep to be installed for some rules; scanning may silently skip those rules if semgrep is missing, so a clean result does not show that they ran.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-09T00:00:00.000Z","next_check":"2026-08-07T00:00:00.000Z","problems":[{"fix":"Run `pip install guarddog` in the correct Python environment.","cause":"GuardDog not installed or installed in a different environment.","error":"ModuleNotFoundError: No module named 'guarddog'"},{"fix":"Provide a valid ecosystem, e.g., `guarddog scan requests --ecosystem pypi`.","cause":"Missing ecosystem argument when using the CLI.","error":"guarddog: error: argument --ecosystem: expected one argument"},{"fix":"Install semgrep: `pip install semgrep`.","cause":"Semgrep not installed but required by some rules.","error":"GuardDog requires semgrep to be installed. Install with: pip install semgrep"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}