Open source. Transparent. Relentless.

See every file.Stop every threat.

Laocoon scans manifests, source code, and uploaded files against malware intelligence, OSV/GHSA advisories, static analysis, behavioral heuristics, typosquat signals, and suspicious execution patterns. Know before you trust it.

Scan your projectView documentation →

Layered Intel

Static analysis, advisories, heuristics, and provenance checks.

Malware Focused

Specialized in detecting malicious file and package behavior.

ϟ

Live Streaming

Deep scans stream live results from the FastAPI backend.

Privacy First

Files processed server-side and discarded immediately.

How it works

Layered analysis. Zero blind spots.

Laocoon combines advisory intelligence, source inspection, runtime heuristics, metadata analysis, and trust signals so suspicious files cannot quietly disappear inside modern software ecosystems.

Advisory Intel

Checks OSV MAL-* advisories and GHSA malware reports against every dependency.

</>

Static Analysis

40+ rules inspect source, scripts, and suspicious execution paths.

Behavioral Heuristics

Metadata, install-time scripts, exfiltration, and evasion patterns.

Ecosystem Defense

Typosquatting, dependency confusion, and registry integrity checks.

Start a scan

Drop your files. We'll tell you what's dangerous.

Backend streams results via Server-Sent Events. Warmup uses /ping, scans post to /scan. Results render live as findings arrive.

package.jsonpackage-lock.jsonpyproject.tomlrequirements.txt.py · .js · .ts · .txt · more

Drop or Enter File Here

Click anywhere to browse — no account required.

No file selected
Scan outputwaiting
"
I fear the Greeks, even when they bear gifts.Laocoön, priest of Troy — Virgil's Aeneid
— Laocoön