DevShield Documentation
The complete guide to using the Zero-Trust Security Toolkit for your CI/CD pipelines, package analysis, and credential monitoring.
Platform Capabilities
NPM Package Auditor
Fetches comprehensive, real-time risk metrics for any npm package: it checks the National Vulnerability Database (NVD) for active zero-day exploits, assesses maintenance timelines and popularity metrics, and assigns a master Risk Score (0-100).
Remote GitHub Scanner
Paste any public GitHub repository URL into the auditor. We use the GitHub REST API to fetch the repository's `package.json` remotely and bulk-analyze every nested dependency for security risks directly in the browser.
Visual Dependency Tree
Vulnerabilities hide in transitive dependencies (dependencies of dependencies). The interactive D3.js force-directed graph automatically maps dependency chains up to two layers deep so you can visually untangle supply chain risks.
The DevShield CLI
The DevShield CLI is designed to plug into your continuous integration (CI/CD) pipelines (such as GitHub Actions or GitLab CI) and block vulnerable code from reaching production.
$ npx devshield
$ npm install -g devshield
$ devshield
Pipeline Execution
When executed, the CLI iterates through your local `package-lock.json` and queries vulnerability databases for each dependency. If any dependency carries a CVE of HIGH or CRITICAL severity, the CLI exits with exit code `1`, which fails the pipeline step and prevents your pull request from being merged.
Zero-Knowledge Architecture
Our credential leak monitoring uses a strict k-anonymity design. When you query an email address for historical breaches across our 7B+ record database, the address is hashed with `SHA-1` inside your web browser before anything is sent.
Only the first 5 characters of the hex hash are transmitted to our Edge APIs, which look up the bucket of records sharing that prefix; the match against the full hash is completed on your side, so plaintext passwords and identifiers never reach our network layer. We see nothing, and we log nothing.