Dependency security scanner for macOS — detects malicious, vulnerable, and suspicious packages across npm, PyPI, Go, Ruby and more

🐝 Bumblebee CLI

Dependency security scanner for macOS. Detects malicious, vulnerable, and suspicious packages across npm, PyPI, Go, Ruby, and more — right from your terminal.

Type bee and you're scanning. No config files, no accounts, no setup beyond one install command.

Bumblebee CLI wraps the Perplexity Bumblebee scanner with a polished terminal interface — interactive REPL shell, auto-generated HTML/PDF reports, SBOM generation, scheduled background scans via launchd, and a live threat intelligence catalog system.


Installation

pip

pip install bumblebee-cli

Requires Python 3.11 or later. The bee command is available system-wide after install.

Homebrew (macOS)

brew tap chanduchitikam/bumblebee
brew install bumblebee-cli

From source

git clone https://github.com/Chandu00756/Bumblebee_CLI
cd Bumblebee_CLI
pip install .

Quick start

bee

Running bee with no arguments opens the interactive guided menu. Use the arrow keys to navigate and Enter to select.


Step 1 — Install the scanner engine

Before scanning, install the Perplexity Bumblebee binary. Requires Go.

bee install

Verify:

bee selftest

Commands

Scan

bee scan /path/to/project

Flag                           Description
--profile baseline|deep|fast   Scan depth (default: baseline)
--ecosystem npm                Restrict to one or more ecosystems
--findings-only                Suppress clean packages, show only findings
--output results.ndjson        Save raw output to a file
--max-duration 120             Timeout in seconds
--quiet                        Suppress progress output

bee scan . --profile deep --findings-only

Quick scan — runs and saves a timestamped .ndjson file automatically:

bee quick .

Reports

Generate an HTML or PDF report from a saved scan file:

bee report html results.ndjson
bee report pdf  results.ndjson

Generate from the most recent scan:

bee report last
bee report last --format pdf

Reports are saved to ~/.bumblebee-cli/reports/.


SBOM

Generate a Software Bill of Materials:

bee sbom                        # SPDX format (default)
bee sbom --format cyclonedx     # CycloneDX format
bee sbom --output my-sbom.json  # Custom output path

Export

Export scan results in different formats:

bee export --format sarif   # GitHub Code Scanning compatible
bee export --format csv
bee export --format json

CI / policy gate

Use in CI pipelines — exits non-zero if findings exceed the threshold:

bee ci .                        # Fail on any critical finding
bee ci . --fail-on high         # Fail on high or critical
bee ci . --fail-on none         # Always pass (report only)

Diff

Compare two scan files to see what changed:

bee diff scan-before.ndjson scan-after.ndjson

Threat scan

Deep scan against known threat intel advisories:

bee threat-scan
bee threat-scan my-catalog

Scheduled scans

Bumblebee CLI uses macOS launchd to schedule recurring scans. No cron required.

bee schedule add morning-scan --when daily ~/

Available --when presets:

Preset    Time
morning   8:00 AM
noon      12:00 PM
daily     9:00 AM
evening   6:00 PM
night     10:00 PM
weekly    Monday 9:00 AM
monthly   1st of month, 9:00 AM
hourly    Every 60 minutes
HH:MM     Specific time, e.g. --when 14:30

Manage schedules:

bee schedule list
bee schedule enable   <name>
bee schedule disable  <name>
bee schedule run      <name>          # trigger immediately
bee schedule stop     <name>          # stop a running job
bee schedule logs     <name>          # tail stdout log
bee schedule delete-logs              # clear all log files
bee schedule delete-logs <name> --older-than 1w   # 1w | 2w | 1m | 2m | 3m | 6m | all
bee schedule remove   <name>

Use bee schedule setup for an interactive wizard with preset scenarios (full machine scan, nightly deep scan, threat intel watch, etc.).


Exposure catalogs

Catalogs are JSON threat intelligence files used to match packages against known malicious indicators.

bee catalog list
bee catalog list-intel
bee catalog show    <catalog>
bee catalog create  <name>
bee catalog validate <file>
bee catalog fetch-intel

History

bee history
bee history show
bee history last
bee history clear

Installer management

bee install        # Install Bumblebee scanner binary
bee update         # Update to latest version
bee status         # Show installation path and version
bee selftest       # Run a quick sanity check
bee version        # Print bee version

Interactive mode

bee

Starts a REPL-style shell with guided menus for all commands. Useful for exploratory scanning without memorising flags.


Watching for changes

bee watch /path/to/project

Monitors the directory for file changes and re-scans automatically.


Directory layout

All data is stored under ~/.bumblebee-cli/:

~/.bumblebee-cli/
    scans/       Raw .ndjson scan output files
    reports/     Generated HTML and PDF reports
    catalogs/    Exposure catalog JSON files
    history.json Scan history log

Requirements

  • macOS 12 or later (Monterey+)
  • Python 3.11 or later
  • Go 1.21 or later (required only for bee install)
  • Internet access for initial binary installation and threat intel feeds

License

MIT — see LICENSE


🐝 Powered by Perplexity Bumblebee

Download files

Source Distribution

bumblebee_cli-2.1.1.tar.gz (52.4 kB)

Uploaded Source

Built Distribution

bumblebee_cli-2.1.1-py3-none-any.whl (57.9 kB)

Uploaded Python 3

File details

Details for the file bumblebee_cli-2.1.1.tar.gz.

File metadata

  • Download URL: bumblebee_cli-2.1.1.tar.gz
  • Upload date:
  • Size: 52.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for bumblebee_cli-2.1.1.tar.gz
Algorithm     Hash digest
SHA256        fb915635d3bf2cb5991ea168260794f0f5f5389f9518145bf77583d60ad2032a
MD5           4a6dfe84d5c54ba3e1223edc192b75c8
BLAKE2b-256   8dec26b087fa146ca54df1edf4511c5af126c3c201ba0d0be6e5d780d2bed3cc

File details

Details for the file bumblebee_cli-2.1.1-py3-none-any.whl.

File metadata

  • Download URL: bumblebee_cli-2.1.1-py3-none-any.whl
  • Upload date:
  • Size: 57.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for bumblebee_cli-2.1.1-py3-none-any.whl
Algorithm     Hash digest
SHA256        a8288ae0ba41689293cfdc91b6ef1df0cffdbc945fe97e4e511712415e898f17
MD5           1985ca57850d9ea9928b40c2c1ff104d
BLAKE2b-256   338102bd937e23d7aeaf9ff155f0a3303aeefdbb46f736bb18ec09f5e780df53
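
Checking downloaded copies of the two 2.1.1 files against the SHA-256 digests listed above before installing them, as an added example that is not part of the project's own code or documentation. The download directory is an assumption: it is whatever path you pass on the command line, for instance one filled by pip download bumblebee-cli==2.1.1 --no-deps -d <dir>.

```python
"""Added example: verify bumblebee-cli 2.1.1 downloads before installing."""
import hashlib
import hmac
import sys
from pathlib import Path

# SHA-256 digests copied from the "File hashes" tables on this page.
PINNED_SHA256 = {
    "bumblebee_cli-2.1.1.tar.gz":
        "fb915635d3bf2cb5991ea168260794f0f5f5389f9518145bf77583d60ad2032a",
    "bumblebee_cli-2.1.1-py3-none-any.whl":
        "a8288ae0ba41689293cfdc91b6ef1df0cffdbc945fe97e4e511712415e898f17",
}


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large artifacts are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(path: Path, pinned: dict[str, str] = PINNED_SHA256) -> str:
    """Return "ok", "mismatch", or "unpinned" for one downloaded file."""
    expected = pinned.get(path.name)
    if expected is None:
        return "unpinned"  # a file name that was never pinned is not trusted
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def verify_directory(directory: Path, pinned=PINNED_SHA256) -> dict[str, str]:
    """Check every file in the download directory; nothing is skipped."""
    return {p.name: verify_artifact(p, pinned)
            for p in sorted(directory.iterdir()) if p.is_file()}


if __name__ == "__main__":
    # Usage: python verify_bee.py <download-dir>  (script name is hypothetical)
    results = verify_directory(Path(sys.argv[1]))
    for name, status in results.items():
        print(f"{status:9} {name}")
    # Fail closed: an empty directory or any non-"ok" status blocks the install.
    sys.exit(0 if results and all(s == "ok" for s in results.values()) else 1)
```

Only the SHA-256 values are checked; the script exits non-zero on a mismatch, on an unexpected extra file, or on an empty directory.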
