GuardDog

Version 2.10.0; verified Sat May 09; auth: no; language: python

GuardDog is a CLI tool for identifying malicious open source packages; it supports PyPI, npm and other ecosystems. The current version is 2.10.0, released June 2025. The project is actively maintained by Datadog, with frequent releases.

Install: `pip install guarddog`

error: ModuleNotFoundError: No module named 'guarddog'
cause: GuardDog is not installed, or it is installed in a different Python environment from the one running the scan.
fix: Run `pip install guarddog` in the Python environment you are actually using.

error: guarddog: error: argument --ecosystem: expected one argument
cause: The `--ecosystem` option was passed to the CLI without a value.
fix: Provide a valid ecosystem, e.g. `guarddog scan requests --ecosystem pypi`.

error: GuardDog requires semgrep to be installed. Install with: pip install semgrep
cause: Semgrep is not installed, but some rules depend on it.
fix: Install it with `pip install semgrep`.

breaking: In v2.7.0 the code-execution rule was extended to package init files, which can produce false positives for packages that legitimately run code in `__init__.py`.
fix: Review those findings carefully and use `--exclude-rule` if the rule is noise for a given package.

deprecated: The CLI option `--scan-type` was replaced by `--ecosystem` in v2.4.0.
fix: Use `--ecosystem pypi` instead of `--scan-type pypi`.

gotcha: Some rules require semgrep; if it is missing, a scan may silently skip those rules instead of failing, so their findings are never reported.
fix: Install semgrep separately: `pip install semgrep`.

Quickstart: scan a known PyPI package, or a local directory, for malicious indicators.

from guarddog import GuardDog
from guarddog.scanner import Scanner

gd = GuardDog()
# Scan a package by name and ecosystem
results = gd.scan_package("requests", ecosystem="pypi")
print(results)

# Or use Scanner for local directories
scanner = Scanner()
local_results = scanner.scan_directory("./package")
print(local_results)
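The breaking-change entry above advises reviewing code-execution hits on `__init__.py` rather than blindly trusting or discarding them. The following is an added example, not GuardDog's own code: a small post-filter over a per-package scan result that suppresses a named rule only when the finding sits in an init file, and keeps every other finding. The result layout (a dict with an integer `issues` count and a `results` mapping of rule name to findings with a `location` string), the rule names used in the sample and the sample findings themselves are constructed assumptions for illustration; check them against the JSON your GuardDog version actually emits before relying on the filter.

```python
"""Post-filter for GuardDog-style scan results.

Added example, not part of GuardDog. The result layout below is an
ASSUMPTION made for illustration: a dict with an integer "issues" count
and a "results" mapping of rule name -> list of findings, each finding
carrying the "location" (file path, optionally ":line") it was raised on.
"""
from typing import Any

# Constructed sample shaped like one package's scan result (assumed schema).
SAMPLE_RESULT: dict[str, Any] = {
    "dependency": "example-pkg",
    "version": "1.0.0",
    "result": {
        "issues": 3,
        "errors": {},
        "results": {
            "exec-base64": [
                {"location": "example-pkg/__init__.py:12",
                 "message": "exec() called on base64-decoded data"},
            ],
            "code-execution": [
                {"location": "example-pkg/__init__.py:3",
                 "message": "subprocess call at import time"},
                {"location": "example-pkg/setup.py:7",
                 "message": "os.system() in setup script"},
            ],
        },
    },
}


def triage(result: dict[str, Any], exclude_rules_in_init: tuple[str, ...] = ()):
    """Split findings into (kept, suppressed).

    A finding is suppressed only if its rule is listed in
    exclude_rules_in_init AND it was raised on an __init__.py. Hits from the
    same rule elsewhere (setup.py, regular modules) are always kept, which is
    narrower than excluding the whole rule with --exclude-rule.
    """
    kept: list[dict[str, Any]] = []
    suppressed: list[dict[str, Any]] = []
    for rule, findings in result["result"]["results"].items():
        for finding in findings:
            # Strip a trailing ":line" so the path check works on the file alone.
            path = finding.get("location", "").split(":")[0]
            entry = {"rule": rule, **finding}
            if rule in exclude_rules_in_init and path.endswith("__init__.py"):
                suppressed.append(entry)
            else:
                kept.append(entry)
    return kept, suppressed


def summarize(result: dict[str, Any], exclude_rules_in_init: tuple[str, ...] = ()):
    """Compact summary for a review queue: what the scanner reported vs. what survives triage."""
    kept, suppressed = triage(result, exclude_rules_in_init)
    return {
        "package": f'{result["dependency"]}=={result["version"]}',
        "reported": result["result"]["issues"],
        "kept": len(kept),
        "suppressed": len(suppressed),
        "rules_hit": sorted({entry["rule"] for entry in kept}),
    }


if __name__ == "__main__":
    # Suppress only the init-file hits of the code-execution rule, keep the rest.
    print(summarize(SAMPLE_RESULT, exclude_rules_in_init=("code-execution",)))
```

Feed `triage` the parsed JSON of a real scan instead of `SAMPLE_RESULT`; the `reported` count stays what the scanner said, so a gap between `reported` and `kept` is always visible in the summary rather than silently lost.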