Sentro — scan Python packages for malicious code, typosquatting & supply-chain attacks before install. Docs: sentro-docs.onrender.com
Project description
sentro
Scan Python packages for malicious code, typosquatting, and supply-chain attacks — before they ever install.
Built by Solvyx.dev
sentro install requests
╭──────────────────────── sentro scan ─────────────────────────╮
│ Package : requests 2.31.0 │
│ PyPI : verified │
│ Risk : SAFE (score 0/100) │
╰─────────────────────────────────────────────────────────────────╯
No issues found.
What it detects
- Malicious code —
eval()/exec()at module level,os.system(), socket connections to hardcoded IPs - Install hooks — dangerous calls in
setup.pythat run unconditionally at install time - Obfuscation —
exec(base64.b64decode(...))chains, high-entropy strings,marshal.loadspayloads - Typosquatting — names similar to popular packages (
reqeusts,numpy-dev), Unicode homoglyphs - Dependency confusion — package names that shadow Python stdlib modules
- Metadata signals — very new packages, suspiciously low download counts, missing author info
Each finding contributes to a risk score (0–100). The overall verdict is SAFE, WARNING, or DANGER.
Install
pip install sentro
Requires Python 3.11+.
Quick start
# Scan and install
sentro install requests
# Scan only — don't install
sentro install requests --no-install
# Block install if anything scores DANGER (for CI pipelines)
sentro install requests --strict
Full documentation — configuration reference, all CLI flags, CI integration guide, installer detection, and more:
sentro-docs.onrender.com
License
MIT — built and maintained by Solvyx.dev
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sentro-0.1.4.tar.gz.
File metadata
- Download URL: sentro-0.1.4.tar.gz
- Upload date:
- Size: 69.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1ba8f84f1a3fd1fab6ee0770f7a7935155839949366e0e013e7eaf61c54c81bc
|
|
| MD5 |
894de32256eb951be5616257a7148b6c
|
|
| BLAKE2b-256 |
04ebe1c57a9d48e463f4be40e505302f1683e71f7466a66c69d2664078b1e207
|
File details
Details for the file sentro-0.1.4-py3-none-any.whl.
File metadata
- Download URL: sentro-0.1.4-py3-none-any.whl
- Upload date:
- Size: 34.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0b240b2bba0f9cf33de5ff9bff82730e39c631dc7aeade6ada8a848e4b786352
|
|
| MD5 |
4a3db11948769c58215cf1a72808cef1
|
|
| BLAKE2b-256 |
cd82d984c904a6186b32535f6c0c75658c552720de12114c9a11244f55476754
|