Live dependency intake

Upload or paste your manifest, then let ShadowAudit trace what your dependencies are hiding.

This workflow accepts npm and PyPI dependency definitions, forwards them to the FastAPI backend, and routes you to a per-scan result page as soon as analysis starts.

Start a new scan
Choose a file or paste raw dependency content below.
package.json

Drop your dependency file here

Supports package.json and requirements.txt. Files larger than 1MB are rejected.

.json, .txt

Submits to /api/v1/scan

Max upload size 1MB

Intake checklist

  • Drag-and-drop validates extension and file size before upload.
  • Paste mode supports both npm and PyPI formats with syntax-like formatting.
  • Successful submissions redirect to a dedicated scan result route.

What happens next
ShadowAudit stages scans in the same order as the backend.

1. Parse your dependency manifest and map the package tree.

2. Check vulnerabilities, maintainer drift, and typosquats.

3. Escalate suspicious packages into GPT-backed behavior review.

4. Redirect you into a scan-specific result page.