Today we're excited to announce the official launch of Sentro, Solvyx's first open-source tool.
Sentro was born out of a real need: every day thousands of developers run pip install without knowing what they are actually installing. Packages whose names are one typo away from popular libraries, malicious code in setup.py that runs at install time, dependency confusion in corporate environments that mix a private index with PyPI: these are real, underestimated attack vectors.
What Sentro does
- Pre-install scanning: analyses the package before pip runs any of its install-time code
- Typosquatting detection: compares the package name against the names of popular libraries to spot look-alikes
- setup.py analysis: inspects the code that runs during installation and flags suspicious behaviour (for example, spawning processes, fetching remote content or decoding obfuscated payloads)
- Dependency confusion: checks whether an internal package name also exists on the public index, where a public package with the same name could be picked up instead
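To make the three checks above concrete, here is an added example that is not Sentro's code and does not use its API: a self-contained Python sketch of each technique. The popular-package list, the "public index" set, the internal package names and the setup.py source are all constructed for the example; the suspicious-call list is an assumption about what an install-time scanner would want to flag.

```python
import ast
import re
import textwrap

# Constructed data for the example (not taken from PyPI or from Sentro).
POPULAR = ["requests", "numpy", "pandas", "urllib3", "cryptography", "boto3"]
# Toy view of the public index; "acme-internal-utils" is assumed to have been
# registered there by an attacker who guessed a company's internal name.
PUBLIC_INDEX = {"requests", "numpy", "pandas", "urllib3", "cryptography",
                "boto3", "acme-internal-utils"}
# Assumed list of calls worth flagging when they appear in install-time code.
SUSPICIOUS_CALLS = {
    "os.system", "subprocess.run", "subprocess.Popen", "subprocess.call",
    "urllib.request.urlopen", "requests.get", "base64.b64decode", "exec", "eval",
}


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lower-case, runs of -_. become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance, so that a
    swapped pair of letters ('reqeusts') costs 1 just like a dropped letter."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def typosquat_candidates(name, popular=POPULAR, max_distance=1):
    """Popular packages the requested name is suspiciously close to.
    An exact (normalised) match is the real package and yields no hits."""
    n = normalize(name)
    known = {normalize(p): p for p in popular}
    if n in known:
        return []
    return [orig for norm, orig in known.items() if edit_distance(n, norm) <= max_distance]


def _call_name(node: ast.Call):
    """Dotted name of a call's callee, e.g. 'subprocess.Popen', or None."""
    parts, cur = [], node.func
    while isinstance(cur, ast.Attribute):
        parts.append(cur.attr)
        cur = cur.value
    if isinstance(cur, ast.Name):
        parts.append(cur.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source: str):
    """Statically walk setup.py without executing it; return (line, call) pairs
    for calls on the suspicious list, sorted by line number."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, name))
    return sorted(findings)


def dependency_confusion_risks(internal_packages, public_index=PUBLIC_INDEX):
    """Internal names that also exist on the public index. If pip is pointed
    at both indexes, the public copy can win version resolution."""
    public = {normalize(p) for p in public_index}
    return [p for p in internal_packages if normalize(p) in public]


# Constructed install hook for the example only; it is parsed, never run.
SAMPLE_SETUP_PY = textwrap.dedent('''
    import base64, os, subprocess
    from setuptools import setup
    # obfuscated command executed at install time
    payload = base64.b64decode("ZWNobyBwd25lZA==")
    subprocess.Popen(["sh", "-c", payload.decode()])
    setup(name="reqeusts", version="0.0.1")
''')

if __name__ == "__main__":
    print("typosquat:", typosquat_candidates("reqeusts"))
    print("setup.py:", scan_setup_py(SAMPLE_SETUP_PY))
    print("confusion:", dependency_confusion_risks(["acme-internal-utils", "acme_billing"]))
```

Two caveats a practitioner would want: the AST scan matches dotted names only, so `from subprocess import run` followed by `run(...)` slips past it, and a real scanner has to resolve imports and aliases; and the confusion check only tells you that a public name collides, the fix is to pin the private index with `--index-url` (not `--extra-index-url`) or to reserve the names on PyPI.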
Getting started
Sentro is available on PyPI and fully open source. Check the full documentation for all commands and configuration options.
This is just the first tool in a series. We're already working on the next one.