Hound
What it does
Scans packages for vulnerabilities, checks licenses, inspects dependency trees, and detects typosquatting using free public APIs with zero configuration.
Hound is a supply chain security tool that gives coding agents comprehensive dependency analysis capabilities. It scans packages for known vulnerabilities via OSV, checks license compliance, inspects full dependency trees, and detects potential typosquatting attacks. The server uses only free, unauthenticated public APIs (Google's deps.dev and OSV) requiring no API keys or configuration. It provides 12 specialized tools including project-wide lockfile audits, security scoring, upgrade recommendations, package comparisons, and pre-installation safety checks across npm, PyPI, Go, Maven, Cargo, NuGet, and RubyGems ecosystems.
Quality
Deterministic score 0.56 from registry signals: indexed on pulsemcp · has source repo · 3 GitHub stars · registry-generated description present