Supply-chain dependency firewall for: Python, Node, PHP, Ubuntu, Debian, Red Hat, Almalinux, Rocky Linux, Alpine, and Docker.
Project description
UBEL ( Unified Bill / Enforced Law ) – Multi‑Ecosystem Security & Policy Enforcement CLI
Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with:
- PyPI (via ubel-pip)
- npm (via ubel-npm)
- Linux distributions (Ubuntu-based, Debian-based, RHEL, AlmaLinux, Rocky Linux, and Alpine)
- Docker (if the image is based on one of the Linux distros listed above)
Ubel runs in CLI, automation scripts, and CI/CD pipelines, producing clean JSON and PDF reports.
✨ Features
- Full dependency resolution across ecosystems
- OSV.dev vulnerability scanning (batch API)
- Policy engine (block/allow by severity and infection state)
- Check a single Linux package, a single Node/Python dependency, or an entire project (check mode)
- Install-time enforcement (install mode)
- Project-level, host-level, kernel-level and Docker-level scanning (health mode)
- Catches advisories that have no CVE ID (OSV also carries GHSA, PYSEC and malicious-package advisories)
- Supply-chain protection: vulnerable or malicious packages are stopped before they are installed
- Automatic report generation (JSON + PDF)
- Fast (seconds per scan)
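The resolve → PURL → OSV.dev batch-scan pipeline described above, as an added example that is not ubel's own code. The OSV endpoint and the request/response shapes are the real ones; the requirements text, the package names and the batch response are constructed, and only exact `==` pins are handled, which is a simplification of a full resolver:

```python
"""Added example, not ubel's own code: pinned requirements.txt -> PURLs ->
OSV.dev querybatch request, then the batch response folded back onto the
packages. The endpoint and the request/response shapes are OSV's real ones;
the requirements text, the response and the package names are constructed."""
import json
import re
from urllib.parse import quote

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"  # real OSV endpoint (POST)

# Constructed sample input. Only exact '==' pins are turned into PURLs here,
# which is a simplification: a real resolver would first pin open ranges.
REQUIREMENTS = """\
# web stack
Flask==3.1.0
Demo_Pkg==0.1.0 ; python_version >= "3.8"
-e git+https://example.invalid/repo.git#egg=internal  # no version: skipped
"""

# Constructed response in the shape /v1/querybatch returns: one entry per
# query, positionally; an empty object means "no known vulnerabilities".
SAMPLE_RESPONSE = {
    "results": [
        {},
        {"vulns": [{"id": "OSV-EXAMPLE-0001", "modified": "2025-01-01T00:00:00Z"}]},
    ]
}

PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text: str) -> list[tuple[str, str]]:
    """Return (normalised_name, version) for every exact pin; skip comments,
    blanks, editable/VCS lines and anything without '=='."""
    pins = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = PIN_RE.match(line)
        if match:
            pins.append((normalize_name(match.group(1)), match.group(2)))
    return pins


def purl(ecosystem: str, name: str, version: str) -> str:
    """package-url: pkg:<type>/<name>@<version>; the version is percent-encoded
    so characters such as '+' in local versions cannot break the identifier."""
    return f"pkg:{ecosystem}/{name}@{quote(version, safe='')}"


def build_batch_query(pins, ecosystem: str = "pypi") -> dict:
    """Body for POST https://api.osv.dev/v1/querybatch."""
    return {"queries": [{"package": {"purl": purl(ecosystem, n, v)}} for n, v in pins]}


def merge_batch_response(pins, response: dict, ecosystem: str = "pypi") -> dict[str, list[str]]:
    """Map each PURL to the advisory IDs OSV reported for it. Batch results
    carry only 'id' and 'modified'; severity and affected ranges need a
    follow-up GET https://api.osv.dev/v1/vulns/{id}, not shown here."""
    results = response.get("results", [])
    if len(results) != len(pins):
        # Fail closed: a short or reordered batch would silently mis-assign findings.
        raise ValueError(f"OSV returned {len(results)} results for {len(pins)} queries")
    return {
        purl(ecosystem, name, version): [v["id"] for v in entry.get("vulns", [])]
        for (name, version), entry in zip(pins, results)
    }


def scan_offline() -> dict[str, list[str]]:
    """Whole pipeline on the constructed data (no network)."""
    pins = parse_pins(REQUIREMENTS)
    request_body = json.dumps(build_batch_query(pins))  # what would be POSTed
    if not json.loads(request_body)["queries"]:
        raise ValueError("nothing to scan")
    return merge_batch_response(pins, SAMPLE_RESPONSE)


if __name__ == "__main__":
    for pkg, ids in scan_offline().items():
        print(pkg, "->", ids or "clean")
```

Two details matter in practice: package names are normalised per PEP 503 before they go into the PURL, because OSV keys PyPI packages by the normalised name, and the batch response is matched to queries by position, so a length mismatch must be treated as an error rather than zipped silently.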
📦 Installation
pip install ubel
If you are on Linux, you need to:
- set up a virtual environment:
  python3 -m venv venv
- activate the virtual environment:
  source venv/bin/activate
- then run:
  pip install ubel
Ubel exposes these binaries:
- ubel (Linux package scanning and OS-level operations: Ubuntu-based, Debian-based, Red Hat, AlmaLinux, Rocky Linux, and Alpine)
- ubel-pip (Python ecosystem)
- ubel-npm (Node.js ecosystem)
- ubel-docker (Docker)
🚀 Usage Overview
Main CLI
usage: ubel [-h] {check,install,health,init,allow,block} [extra_args ...]
PyPI CLI
usage: ubel-pip [-h] {check,install,health,init,allow,block} [extra_args ...]
npm CLI
usage: ubel-npm [-h] {check,install,health,init,allow,block} [extra_args ...]
docker CLI
usage: ubel-docker [-h] {health} <docker_image>
🧠 Commands Explained
check
Resolve dependencies/linux-packages → generate report → exit.
Python example:
ubel-pip check
If no extra arguments are passed, Ubel will:
- detect requirements.txt
- resolve all packages
- scan them
- output PDF + JSON
npm example (npm uses name@version, not the pip name==version form):
ubel-npm check express@5.0.0
If no args are passed, it will detect package.json automatically.
install
Same as check, but enforces policies and either blocks or allows installation.
Python example:
ubel-pip install flask==3.1.0
Or auto-detect project requirements:
ubel-pip install
npm example:
ubel-npm install express@5.0.0
Or simply:
ubel-npm install
(uses package.json automatically)
health
Scan the entire machine or the running project, including:
- installed PyPI packages
- installed global npm packages
- OS-level packages (Ubuntu-based, Debian-based, RHEL, AlmaLinux, Rocky Linux, Alpine)
Example (Linux host):
ubel health
or (Node.js app):
ubel-npm health
or (Python app):
ubel-pip health
This mode produces large, detailed inventories and vulnerability matrices.
init
Initialize a policy file for the project or system.
Example:
ubel init
Creates default policy:
infections: block
severity:
critical: block
high: block
medium: allow
low: allow
unknown: allow
allow / block
Override Ubel's decision from CI/CD or scripted pipelines.
The arguments can be: "low", "medium", "high", "critical".
Example:
ubel block high critical
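How a policy of the shape `ubel init` writes can be evaluated against scan findings, and how a scripted `block high critical` override changes the outcome, as an added example that is not ubel's own code. The finding fields (`purl`, `id`, CVSS `score`, `infected`), the CVSS-to-level mapping, and the override semantics (set the named levels to the given action) are assumptions made for illustration; the findings are constructed:

```python
"""Added example, not ubel's own code: evaluating scan findings against a
policy of the shape `ubel init` writes, plus a scripted `block high critical`
style override. The finding fields, the CVSS-to-level mapping and the
override semantics are assumptions made for illustration."""

LEVELS = ("critical", "high", "medium", "low", "unknown")

# Same content as the default policy file written by `ubel init`, as a dict.
DEFAULT_POLICY = {
    "infections": "block",
    "severity": {"critical": "block", "high": "block",
                 "medium": "allow", "low": "allow", "unknown": "allow"},
}

# Constructed findings: one per (package, advisory). 'score' is a CVSS base
# score or None when the advisory carries none; 'infected' marks a
# malicious-package advisory rather than a vulnerability.
FINDINGS = [
    {"purl": "pkg:pypi/demo-pkg@0.1.0", "id": "OSV-EXAMPLE-0001", "score": 9.8, "infected": False},
    {"purl": "pkg:npm/demo-mod@2.0.0", "id": "OSV-EXAMPLE-0002", "score": 5.3, "infected": False},
    {"purl": "pkg:npm/demo-mod@2.0.0", "id": "OSV-EXAMPLE-0003", "score": None, "infected": False},
    {"purl": "pkg:pypi/typo-squat@0.0.1", "id": "MAL-EXAMPLE-0001", "score": None, "infected": True},
]


def cvss_to_level(score):
    """CVSS v3.x qualitative bands; an advisory with no score maps to 'unknown'."""
    if score is None:
        return "unknown"
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "unknown"  # 0.0 is 'None' in CVSS terms; treat it as unscored


def apply_override(policy, action, levels):
    """`ubel block high critical` / `ubel allow low`, as assumed here: set the
    named severity levels to the action and leave everything else alone.
    Returns a new policy; the input is not mutated."""
    if action not in ("allow", "block"):
        raise ValueError(f"action must be allow or block, got {action!r}")
    new = {"infections": policy["infections"], "severity": dict(policy["severity"])}
    for level in levels:
        if level not in LEVELS:
            raise ValueError(f"unknown severity level {level!r}")
        new["severity"][level] = action
    return new


def evaluate(findings, policy):
    """Return ('block' | 'allow', reasons). Fail closed: one blocking finding
    blocks the whole install. Infections are checked before severity because
    a malicious-package advisory usually has no CVSS score at all."""
    reasons = []
    for f in findings:
        if f["infected"] and policy["infections"] == "block":
            reasons.append((f["purl"], f["id"], "infection"))
            continue
        level = cvss_to_level(f["score"])
        if policy["severity"][level] == "block":
            reasons.append((f["purl"], f["id"], level))
    return ("block" if reasons else "allow"), reasons


if __name__ == "__main__":
    variants = (
        ("default", DEFAULT_POLICY),
        ("block medium unknown", apply_override(DEFAULT_POLICY, "block", ["medium", "unknown"])),
        ("allow critical", apply_override(DEFAULT_POLICY, "allow", ["critical"])),
    )
    for name, pol in variants:
        decision, why = evaluate(FINDINGS, pol)
        print(f"{name}: {decision} {why}")
```

Note what the default policy does with the third finding: an advisory that carries no score lands in `unknown`, which the default file allows, so unscored advisories pass unless the policy is tightened. The override in this example can target `unknown` as well, which goes beyond the four levels the allow/block section above lists.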
📁 Automatic Project Detection
For npm and PyPI, when install or check is run without arguments, Ubel automatically loads:
- package.json (for npm)
- requirements.txt (for pip)
This makes it ideal for CI/CD workflows.
📤 Output
Ubel generates:
1. JSON report
Machine-readable, includes:
- dependency list
- PURLs
- vulnerabilities
- severity
- infection state
- policy decision
- a complete SBOM-like machine inventory (health mode)
2. PDF report
Human-readable, includes:
- summary statistics
- per-dependency vulnerability details
- fix recommendations
- tables
- OSV reference links
- a complete SBOM-like machine inventory (health mode)
🧩 Ecosystem Tools
- ubel → system packages, Linux distros
- ubel-pip → PyPI projects, virtual environments
- ubel-npm → Node.js, npm, package.json projects
- ubel-docker → Docker images based on one of the supported distros
Ubel – Secure every dependency, before it reaches production.
Download files
File details
Details for the file ubel-0.5.0.tar.gz.
File metadata
- Download URL: ubel-0.5.0.tar.gz
- Upload date:
- Size: 23.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 796058620539adf05e4bf905497438b02f91b112deb7f63f469ae303f775f617 |
| MD5 | 2cc1592371b71d1df0bdd584de217495 |
| BLAKE2b-256 | 37dbaa47d81fb62a27cd46033174c7a1fd52175e8d2a4993e96913d278dafdc6 |
File details
Details for the file ubel-0.5.0-py3-none-any.whl.
File metadata
- Download URL: ubel-0.5.0-py3-none-any.whl
- Upload date:
- Size: 25.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 40ff6979f8dff2286da1ece266f5f4c05080865c3bc2abf2f125195e700c2019 |
| MD5 | e811af4a0bac8868de3882f50cdeccb6 |
| BLAKE2b-256 | 6d417f0efef309284fcdb973c1b23a7b4fcf8e4069a32334a53f61ba2638de30 |