Enterprise security and monitoring for developers. Auto-restart, threat detection, pkl inspector, supply chain protection.
Project description
stillrunning
Supply chain security for teams without security teams.
pip install stillrunning
What it does
- AI Package Review — Claude Haiku scans every unknown pip/npm package at install time
- Blocks malicious packages before they run — intercepts installs, checks against live threat feed
- Tripwire Monitor — alerts when sensitive files (.env, SSH keys, private_key.pem) are accessed
- File Integrity — SHA256 hash monitoring for critical files
- Honeypot Credentials — fake .env files that alert when accessed
- Learns your environment — auto-whitelists your processes, alerts on anomalies
- Updates itself — syncs blocklist every 60 minutes from 8 threat intel sources
The attack it was built for
In 2026, North Korean state hackers published WAVESHAPER.V2 — 1,700+ malicious packages across npm and PyPI. Credential stealers disguised as logging utilities. Traditional AV found nothing. Enterprise tools cost $50k/year.
stillrunning catches it at install time, before it ever runs.
Live proof
stillrunning.io/threats — real-time intercept dashboard.
Not a demo. Every package check, every block, every threat advisory — live.
Quick start
# Install
pip install stillrunning
# Run setup wizard
stillrunning --setup
The setup wizard detects your running processes, configures monitoring, and connects to the live threat feed. Takes 3 minutes.
Troubleshooting
# Run 12 diagnostic checks
stillrunning --doctor
Checks: config validation, API connectivity, token validation, process monitor health, threat feed sync, disk space, and more.
With subscription token
For premium features (AI review, tripwire, file integrity):
# Install with token
curl -sSL https://stillrunning.io/install | python3 - --token YOUR_TOKEN
# Or add to stillrunning.yaml
token: "sr_your_token_here"
Get your token at stillrunning.io/pricing
Pricing
| Tier | Monthly | Annual (save 20%) | Features |
|---|---|---|---|
| Personal | $9/mo | $90/year | Process monitor, auto-restart, Telegram alerts |
| Basic | $29/mo | $290/year | + File integrity, tripwire, honeypot |
| AI | $49/mo | $490/year | + AI package review (100 scans/day), central dashboard |
| Enterprise | $499/mo | Custom | + Unlimited scans, SIEM, SSO, SOC2 compliance |
Features by Tier
Personal ($9/mo)
- Process monitoring with auto-restart
- Telegram/Slack/Email alerts
- Basic threat blocklist
- 1 machine
Basic ($29/mo)
Everything in Personal, plus:
- Tripwire Monitor — instant alerts when .env, SSH keys, or secrets are accessed
- File Integrity — SHA256 tracking of critical files
- Honeypot Credentials — canary files that catch malware
- 3 machines
AI ($49/mo)
Everything in Basic, plus:
- AI Package Review — Claude Haiku analyzes every unknown package
- Verdicts: CLEAN / SUSPICIOUS / DANGEROUS
- 100 AI scans per day
- Central dashboard for all machines
- Unlimited machines
Enterprise ($499/mo)
Everything in AI, plus:
- Unlimited AI scans
- SIEM integration (Splunk, Elastic, etc.)
- SSO (SAML, OIDC)
- SOC2 compliance reports
- 4-hour SLA
- Dedicated support
Stats
- 56+ malicious packages in blocklist
- 8 threat sources: CISA, OSV.dev, NVD, GitHub, npm, Snyk, Socket, Gemini AI
- AI-powered discovery — Gemini 2.5 Flash hunts new threats in security blogs
- Updated hourly
Badge
Show your project is protected:
Public API
Check if a package is safe before installing:
curl https://stillrunning.io/api/check-package/pip/requests
# Returns: {"package": "requests", "status": "CLEAN", ...}
curl https://stillrunning.io/api/check-package/pip/logutilkit
# Returns: {"package": "logutilkit", "status": "BLOCKED", "severity": "CRITICAL", ...}
Rate limit: 10 requests/hour (free), unlimited with subscription.
Referral Program
Earn 20% recurring commission on customers you refer.
- Get your code from stillrunning.io/dashboard
- Share:
stillrunning.io/ref/YOUR_CODE - Earn 20% of every payment
Links
- stillrunning.io — homepage
- stillrunning.io/threats — live threat dashboard
- stillrunning.io/docs — API docs
- stillrunning.io/pricing — get started
- @bit_bot9000 — updates
License
MIT License
Patent Pending — US Provisional Application filed April 12, 2026
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file stillrunning-1.9.1.tar.gz.
File metadata
- Download URL: stillrunning-1.9.1.tar.gz
- Upload date:
- Size: 54.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5f1fec53aac527d17ab61b0d4877a987a726140d88e54d6140c0ddc33fe305c1
|
|
| MD5 |
526a42a1b665209d90d417e879b2dadc
|
|
| BLAKE2b-256 |
d64bfc224f1a4410a7066841c40dfb30bd01b42e35b57a6e84b611b91e3f71bf
|
File details
Details for the file stillrunning-1.9.1-py3-none-any.whl.
File metadata
- Download URL: stillrunning-1.9.1-py3-none-any.whl
- Upload date:
- Size: 56.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e0c059d709a8dbe51cbe5d0fa75055d882b9eb4fede566f95033bfed1a9c87e9
|
|
| MD5 |
261e9c252e644636d6ad99f0db283362
|
|
| BLAKE2b-256 |
3bf5b29f0d8ecff18f20034d58677a7ce1d40420cc5e5695aed6a52cbae3bee1
|
