PackageFix
PackageFix is a free browser-based dependency security fixer. Paste your manifest file and get back a fixed version with every vulnerable package patched — ready to download in one click.
Properties
- Privacy focused
Features
- Ad-free
- Dark mode
- No registration required
- No tracking
- Package manager
PackageFix News & Activities
Recent activities
- metriclogic added PackageFix as an alternative to Snyk, Dependabot, Mend Renovate and Libraries.io
PackageFix information
What is PackageFix?
Supports 7 ecosystems: npm, PyPI, Ruby, PHP, Go, Rust, and Java/Maven. Also accepts lockfiles for transitive dependency scanning (package-lock.json, poetry.lock, Gemfile.lock, Cargo.lock, composer.lock).
Beyond CVE scanning, PackageFix detects supply chain attacks that npm audit misses:
- Glassworm/Unicode injection in manifest scripts
- Typosquatting (one character off a popular package)
- Zombie packages (unmaintained but widely depended on)
- Suspicious packages (dormant then suddenly updated)
- Build script danger (curl/wget in postinstall/build.rs)
- Unpinned version warnings (* and latest)
- Maintainer takeover flags
Uses the OSV vulnerability database (updated daily) and CISA KEV catalog for actively exploited packages. Everything runs client-side — nothing leaves your browser.
MIT licensed, open source.