Inspiration Supply chain attacks are the new frontier of software security. Traditional vulnerability scanners rely on CVE databases—useless against zero-day threats. We were inspired to build behavioral detection: catch malicious packages before they execute, not after they're catalogued. What it does PreFlight intercepts npm package upgrades in GitHub PRs and runs 4-stage behavioral analysis:
Script Diff – detects suspicious install hooks AST Scan – finds exfiltration patterns (env variable theft, reverse shells) Maintainer Scoring – flags account hijacks and inactivity Gemini AI Synthesis – synthesizes all signals into PASS/WARN/BLOCK verdicts with reasoning
Blocks malicious deps before merge. Posts detailed PR comments with kill-chain analysis. How we built it
Backend: FastAPI + Python (behavioral analysis engine) Frontend: Next.js + glassmorphism UI (SOC-grade dashboard) AI: Google Gemini 2.0 Flash (agentic verdict synthesis) Storage: MongoDB Atlas (scan history + community threat intel) CI/CD: Custom GitHub Action (automated on every PR)
Challenges we ran into
Acorn AST parsing edge cases (obfuscation patterns) NPM API rate limits during maintainer reputation lookups Balancing false positives vs. security coverage Real-time PR feedback latency over API calls
Accomplishments we're proud of
End-to-end zero-day detection (no CVE database needed) Production-ready GitHub Action with native PR integration Agentic AI that explains why a package is flagged Community threat dataset + public dashboard Caught real supply chain attack patterns in testing
What we learned
Behavioral signals beat signatures for novel threats Maintainer reputation is underrated in security tooling AI synthesis transforms raw signals into actionable intelligence GitHub Actions are the natural enforcement point for DevSecOps
What's next for PreFlight
Container scanning (Docker images, supply chain beyond npm) PyPI & Rust crates support (multi-language coverage) Org policies (custom block rules per team) Real-time threat intelligence (share intel across orgs) Incident response (automated quarantine + rollback)
Log in or sign up for Devpost to join the conversation.