GitHub Action · supply-chain gate

Your AI added a package that doesn't exist.
Someone registered it anyway.

LLMs hallucinate dependency names — and attackers pre-register them with payloads. depfirewall fails the PR when a dependency exists on no registry, or ships known CVEs. One workflow file. No config. Your code never leaves GitHub.

.github/workflows/depfirewall.yml
on: [pull_request]
permissions: { contents: read, pull-requests: write }
jobs:
  depfirewall:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: alwaysreadyallies/depfirewall@v1

Four checks between "AI wrote it" and "it's in main"

Dependabot and npm audit scan packages that exist for bugs that are known. A package that exists nowhere sails straight through them. That's the gap this closes.

1 · diff

Only what changed

The dep-set is diffed against the PR base — requirements.txt, pyproject.toml, package.json. Added or version-changed deps get checked; the other 400 lines don't get re-litigated.

2 · exists?

Hallucination check

Each dep is looked up on deps.dev. A 404 is confirmed against the native registry (PyPI, npm, crates.io, Go proxy) — only a package that exists nowhere fails.

3 · safe?

CVE check

Known advisories, deduped per CVE, scored by max CVSS. Set a severity floor (7.0 = high/critical only) or fail on any advisory.

4 · prove it

Verdict + certificate

One PR comment, updated in place on every push, plus a checkable JSON certificate — the audit trail that your AI-written code was verified before merge.

Free where it spreads. Paid where it matters.

Public repositories run the full gate free, forever. Private repositories need a license key.

Public repos
$0
forever
  • Full gate — hallucination + CVE checks
  • PR verdict comment + JSON certificate
  • Severity floor & fail-on policy
Install from GitHub
Private repos
$19
per repository / month
  • Everything in free, on private repos
  • License key bound to your repo
  • Priority ecosystem support (go.mod, Cargo.toml next)
  • Email support
Get a license key

Built to be trusted

Your code stays on GitHubPure registry-metadata lookups. Nothing is uploaded, nothing is stored, no telemetry.
False positives treated as fatalA brand-new legit package gets a NEW warning, never a block — every 404 is double-confirmed before failing.
Stdlib only, auditable in an afternoonA composite action running plain Python on your runner. MIT engine — read every line.