Refuse.

Block threats before they ever touch your code

Stop malicious packages before they hit your system. Refuse blocks vulnerable npm, pip, cargo & more installs in real-time. Open-source, self-hosted, Docker-ready.

More About Refuse

Refuse is an open-source security shim that intercepts package installations before they reach your system, automatically blocking vulnerable dependencies across 21+ ecosystems. By sitting between your shell and package registries, it protects developers, AI agents, and CI pipelines from installing known CVE-tagged or malicious packages—without disrupting your existing workflow.

Product Highlights

  • Universal Package Manager Support: Works seamlessly with npm, pip, cargo, gem, go, composer, and 13+ other package managers through a single lightweight binary.

  • Real-Time Vulnerability Database: Checks every install against 362,000+ live security advisories, blocking malicious code and CVE-tagged versions instantly.

  • Intelligent Version Suggestions: Automatically recommends safe alternative versions when vulnerable packages are detected, allowing seamless remediation with simple bash substitution.

  • Multi-Environment Protection: Secures manual installs, AI agent workflows (Claude Code, Cursor, Codex), and CI/CD pipelines through consistent policy enforcement.

  • Flexible Deployment Options: Choose between managed cloud backend or self-hosted deployment on localhost, with simple configuration via YAML.

Use Cases

  • Developer Workstation Security: Automatically intercept and block vulnerable package installations during day-to-day development, preventing supply chain attacks before they reach your local environment.

  • AI-Assisted Coding Protection: Safeguard AI agents and MCP clients from inadvertently installing compromised dependencies when generating or modifying codebases.

  • CI/CD Pipeline Hardening: Enforce security policies across build pipelines, ensuring that automated deployments never ship applications with known vulnerabilities.

  • Container Image Security: Scan Dockerfile dependencies including apt, apk, and dnf packages alongside language-specific installs to produce vulnerability-free container images.

Target Audience

Refuse is designed for security-conscious developers, DevOps engineers, and platform teams who need to protect software supply chains across individual machines, AI coding workflows, and automated build systems—without adding friction to existing development processes.