Harden your development environment.
5bats is a fleet of free, self-hosted security tools for developers — prompt-injection guards for AI agents and pre-install CVE gates — that catch supply-chain and injection threats before they reach the machine.
Every tool is open source, runs locally, and makes zero third-party calls. No telemetry, no accounts, no outbound traffic the developer didn’t ask for. Privacy is the default, not a setting.
Two problems, caught early
AI-agent security — When an AI agent reads a web page, a hidden instruction on that page can become its next command. These tools strip the trick and label fetched content as untrusted data, so a booby-trapped page can’t hijack your agent.
Supply-chain gates — pip install, composer install and brew upgrade run a
package’s code before any audit looks. These gates check the whole dependency tree first — and hold back releases
too fresh to trust — so a malicious package never reaches your machine.
New to these threats? Read the guides — what is prompt injection? and what is a supply chain attack?.
Where 5bats fits — honestly.
The serious supply-chain platforms — Snyk, ShieldedStack, Socket, JFrog — are genuinely good, and they do far more than 5bats: org-wide policy, dashboards, SBOMs, network proxies, compliance reporting, support. If you’re a company that needs that, buy one.
5bats is for everyone else — the solo developer, the small team, the side project, the no-budget weekend. The tools are free, run on your own machine, need no account, and make zero third-party calls. They cover the threat that actually hits individuals: a vulnerable or malicious package, or a booby-trapped page an AI agent reads — caught before it reaches your machine. Same core idea as the paid proxies, at the scale and price of one laptop.
No dashboards. No seats. No telemetry. Just the gate, on your machine, for free.
Ship fast with AI — without getting owned.
Zero third-party calls
Every 5bats tool runs locally and self-hosted. No telemetry, no phone-home, no outbound calls the developer didn't ask for.
Built for the terminal
CLI-first gates and fetchers that drop straight into the dev workflow — pip, Composer, Homebrew, Claude Code and Mistral.
Catches threats pre-install
CVE gates check NIST NVD, OSV.dev and the GitHub Advisory database, blocking vulnerable or freshly published packages before they land.
AI-agent security
Prompt-injection defence for AI agents: a Docker-isolated fetcher, an MCP sanitiser and Claude Code hooks — so a booby-trapped page can't become a command.
Supply-chain gates
Pre-install CVE gates for pip, Composer, Homebrew and AI assistants — they scan the whole dependency tree and hold back too-fresh releases before any code runs.
