NEWS: Internal tool goes public. Perplexity AI open-sources Bumblebee, a security scanner for developer workstations

pinkman

Bumblebee lets you detect malicious packages and extensions without running any third-party code.

Perplexity AI has released Bumblebee, a scanner that checks developer computers for traces of dangerous packages, extensions and tool settings. The utility helps quickly determine whether a machine has components that have already been linked to supply chain attacks.

Bumblebee is written in Go and ships as a single executable with no external dependencies. The scanner runs on macOS and Linux, collects information from local metadata and does not modify files on the computer. Perplexity's developers built the tool to check employee machines within the company and have now published the project for the community under the Apache 2.0 license.

The core idea of Bumblebee is a safe check that never runs third-party code. The utility does not invoke package managers, does not run install scripts, does not execute commands such as npm ls or go list, and does not read the project's source code. Instead, the scanner inspects lock files, manifests, the metadata of installed packages, Model Context Protocol configuration and extension information.

Bumblebee supports npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems and Composer. The scanner also checks extensions for Visual Studio Code, Cursor, Windsurf and VSCodium, as well as extensions for Chromium and Firefox browsers. Model Context Protocol settings in the supported JSON files are handled separately: if such settings contain environment variables or credentials, Bumblebee uses the configuration only to inventory servers and does not include the secrets in the report.

The scanner lets teams respond quickly to specific incidents. When an advisory about a malicious package version, a dangerous extension or a compromised component is published, the security team can quickly check which work machines have a match in local metadata. Output is NDJSON, one record per line, so the data can be fed straight into log-processing systems.

Bumblebee has three scan profiles. Baseline is for regular, non-intrusive inventory of the common user and global paths. Project checks specified directories containing work projects, such as ~/code or ~/Developer. Deep is designed for one-off inspections during incident analysis and can walk broad paths, including the user's home directory.

The scanner also works with risk catalogs. Such a catalog describes exact combinations of ecosystem, package name and version, and Bumblebee looks for matches on the local machine. Perplexity builds these catalogs from open data on current supply chain attacks and updates them through pull requests.
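To make the approach above concrete, here is a small Go program written for this post (example code, not Bumblebee's own source). Like the scanner, it only parses local metadata: it matches a package-lock.json against a constructed risk catalog of ecosystem/name/version triples, inventories an MCP config while keeping environment variable values out of the output, and emits NDJSON. The catalog entries, the sample files, the mcpServers layout and the file paths are assumptions made for the demo.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Finding is one output record; rendered as NDJSON, one JSON object per line.
type Finding struct {
	Kind      string   `json:"kind"`
	Ecosystem string   `json:"ecosystem,omitempty"`
	Name      string   `json:"name"`
	Version   string   `json:"version,omitempty"`
	Command   string   `json:"command,omitempty"`
	EnvKeys   []string `json:"env_keys,omitempty"` // variable names only, never values
	Source    string   `json:"source"`
}

// RiskEntry is one exact ecosystem/name/version triple from a risk catalog.
type RiskEntry struct{ Ecosystem, Name, Version string }

// Constructed catalog for this example: names and versions are placeholders, not real advisories.
var catalog = []RiskEntry{
	{"npm", "example-left-pad", "9.9.9"},
	{"npm", "example-colors", "1.4.44"},
}

// npmLock covers the subset of package-lock.json (lockfileVersion 2/3) we read.
type npmLock struct {
	Packages map[string]struct {
		Version string `json:"version"`
	} `json:"packages"`
}

// ScanNpmLock matches the packages recorded in a lockfile against the catalog.
// It only parses JSON: no npm invocation, no install scripts, no project source.
func ScanNpmLock(lockJSON []byte, source string) ([]Finding, error) {
	var lock npmLock
	if err := json.Unmarshal(lockJSON, &lock); err != nil {
		return nil, err
	}
	var out []Finding
	for p, entry := range lock.Packages {
		// Keys look like "node_modules/@scope/name" or, for nested installs,
		// "node_modules/a/node_modules/b"; the root entry "" and workspace
		// paths without node_modules are not third-party packages.
		idx := strings.LastIndex(p, "node_modules/")
		if idx < 0 {
			continue
		}
		name := p[idx+len("node_modules/"):]
		for _, r := range catalog {
			if r.Ecosystem == "npm" && r.Name == name && r.Version == entry.Version {
				out = append(out, Finding{Kind: "risk_match", Ecosystem: "npm",
					Name: name, Version: entry.Version, Source: source})
			}
		}
	}
	// Map iteration order is random; sort so the report is stable.
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out, nil
}

// mcpConfig covers the common {"mcpServers": {name: {command, env}}} layout (assumed).
type mcpConfig struct {
	Servers map[string]struct {
		Command string            `json:"command"`
		Env     map[string]string `json:"env"`
	} `json:"mcpServers"`
}

// InventoryMCP lists configured MCP servers. Only env variable names are kept;
// their values (API keys, tokens) never reach the report.
func InventoryMCP(cfgJSON []byte, source string) ([]Finding, error) {
	var cfg mcpConfig
	if err := json.Unmarshal(cfgJSON, &cfg); err != nil {
		return nil, err
	}
	var out []Finding
	for name, s := range cfg.Servers {
		keys := make([]string, 0, len(s.Env))
		for k := range s.Env {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		out = append(out, Finding{Kind: "mcp_server", Name: name, Command: s.Command, EnvKeys: keys, Source: source})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out, nil
}

// ToNDJSON renders findings one JSON object per line for a log pipeline.
func ToNDJSON(fs []Finding) (string, error) {
	var b strings.Builder
	for _, f := range fs {
		line, err := json.Marshal(f)
		if err != nil {
			return "", err
		}
		b.Write(line)
		b.WriteByte('\n')
	}
	return b.String(), nil
}

// Constructed sample inputs standing in for files read from disk.
const sampleLock = `{"lockfileVersion":3,"packages":{
 "":{"name":"app","version":"0.1.0"},
 "node_modules/example-colors":{"version":"1.4.44"},
 "node_modules/example-left-pad":{"version":"1.3.0"},
 "node_modules/foo/node_modules/example-left-pad":{"version":"9.9.9"}}}`

const sampleMCP = `{"mcpServers":{"files":{"command":"mcp-files","env":{"API_TOKEN":"secret-value"}}}}`

func main() {
	pkgs, _ := ScanNpmLock([]byte(sampleLock), "~/code/app/package-lock.json")
	servers, _ := InventoryMCP([]byte(sampleMCP), "~/.cursor/mcp.json")
	out, _ := ToNDJSON(append(pkgs, servers...))
	fmt.Print(out) // two risk_match lines and one mcp_server line; no env values appear
}
```

Note that the nested copy of example-left-pad at 9.9.9 is reported while the top-level 1.3.0 is not: matching is on the exact name and version, which is why a catalog entry has to carry all three fields, as the article describes.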

For small teams, Bumblebee can be a simple alternative to heavyweight enterprise tools that inventory developer workstations. The utility does not try to replace component lists (SBOMs) for the finished product or endpoint protection, but it closes another practical question: which dangerous packages, extensions and settings are visible on work computers right now.