Enterprise security and monitoring for developers. Auto-restart, threat detection, pkl inspector, supply chain protection.
Project description
stillrunning
Enterprise security and monitoring for developers who can't afford enterprise tools.
Patent Pending - US Provisional Application filed April 12, 2026
Install
pip install stillrunning
What's included
| Command | What it does |
|---|---|
stillrunning --setup |
3-minute setup wizard, auto-detects your processes |
stillrunning-scan <file> |
Static analysis - AST, entropy, pkl inspector |
stillrunning-guard |
Always-on security daemon, auto-learning whitelist |
stillrunning-intercept |
npm/pip supply chain attack blocker |
pkl-inspector <file> |
Pickle file analysis without execution (Patent Pending) |
The threat
In 2026, North Korean state hackers published 1,700+ malicious packages to npm and PyPI. Traditional AV found nothing. stillrunning catches it before it runs.
Pricing
- Free:
pip install stillrunning- open source core - Personal $9/mo: guard daemon + live threat rules
- Pro $29/mo: guard + intercept + Telegram alerts
- Team $99/mo: 10 machines, central dashboard
- Enterprise $499/mo: SSO, SIEM, compliance reports
Open source siblings
- pkl-inspector:
pip install pkl-inspector(Patent Pending) - bitbot-primitives:
pip install bitbot-primitives
Features
Security Scanner (stillrunning-scan)
- AST-based Python code analysis
- Shannon entropy detection for obfuscated payloads
- Pickle file static analysis (no execution)
- Threat scoring with CLEAN/REVIEW/DANGEROUS verdicts
Guard Daemon (stillrunning-guard)
- Always-on process monitoring
- Auto-learning whitelist (reduces false positives)
- macOS keychain/LaunchAgent monitoring
- Telegram alerts for threats
Supply Chain Protection (stillrunning-intercept)
- Wraps npm/pip install commands
- Blocks known malicious packages
- Live threat feed from stillrunning.io
- WAVESHAPER.V2 detection
Docker Agent (stillrunning-docker)
- Container security monitoring
- Privileged container detection
- Sensitive mount alerts
- Malicious image blocking
Pickle Inspector (pkl-inspector)
- Static analysis without execution
- Opcode-level parsing
- CRITICAL/DANGEROUS/SUSPICIOUS verdicts
- Protocol 0-5 support
Quick Start
# Install
pip install stillrunning
# Setup wizard (detects your processes)
stillrunning --setup
# Scan a file
stillrunning-scan suspicious.py
# Analyze a pickle
pkl-inspector model.pkl
# Start guard daemon
stillrunning-guard
License
MIT License
Copyright 2026 stillrunning.io
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file stillrunning-1.7.0.tar.gz.
File metadata
- Download URL: stillrunning-1.7.0.tar.gz
- Upload date:
- Size: 47.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c323b64872c957ce9ee86c567519db2d4c960e5a9c8145d0d2cd416ace30c456
|
|
| MD5 |
e8db9c4cd8216ef52ad987670bada284
|
|
| BLAKE2b-256 |
cd3025973a07e80e2127904b1166367d35163155a53496afc70b7b02c1c86363
|
File details
Details for the file stillrunning-1.7.0-py3-none-any.whl.
File metadata
- Download URL: stillrunning-1.7.0-py3-none-any.whl
- Upload date:
- Size: 49.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dc8d5201b491d60ea8590105a46a7d68267c4698c8ef0def87a0db2b017c763c
|
|
| MD5 |
82f431521f1d7aa5435a63406ee56952
|
|
| BLAKE2b-256 |
775f986df4f359d7cc911fa32f5e83ac5ea10f388c455f366aa250116725fdd0
|
