v2.0.0 — Now with Local AI

Secure Your Software Supply Chain with AI-Powered Precision

Falcn detects typosquatting, dependency confusion, and malicious packages in real-time — all while keeping your code completely private with local AI.

Privacy-First
Sub-100ms Scanning
15+ Package Managers
MIT Licensed
The Problem

Supply Chain Attacks Are Exploding

Every npm install or pip install is a potential attack vector. Traditional security tools scan too late.

742%
Attack increase since 2019
$46B
Projected cost by 2026
1 in 5
Orgs breached via deps
~100ms
Falcn fast mode
Features

Enterprise Security, Open Source Freedom

Falcn combines deterministic heuristics, behavioral analysis, and local AI to detect and explain threats.

🔍

Detection Engine

RUNT (typosquatting), DIRT (business risk), GTR (dependency graph) algorithms working together.

🤖

Privacy-First AI

Local Ollama LLMs explain threats in plain English. Your code never leaves your infrastructure.

🧪

Behavioral Sandbox

Isolated Docker containers catch install-time malware by monitoring syscalls and network requests.

⚡

Built for Speed

Sub-100ms fast mode for CI/CD. 1000+ packages/min without blocking developer velocity.

🔗

Integrations

GitHub Actions, GitLab CI, Splunk, Slack, Prometheus, SARIF/SBOM output formats.

🛡️

Policy Engine

BLOCK, ALERT, or REVIEW thresholds. Configurable enforcement per environment.

Live Demo

Detecting a Typosquatting Attack

Terminal — falcn scan

$ falcn scan ./my-project
🦅 FALCN v2.0.0 - Supply Chain Security Scanner
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[✓] Detected: package.json (npm)
[✓] Scanning 47 dependencies...
[✓] Running RUNT, DIRT, GTR analysis...

⚠️ THREAT DETECTED: Typosquatting Attack
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Package:     cros-env
Mimics:      cross-env (12M downloads/week)
Attack Type: CHARACTER_OMISSION
Similarity:  0.923 | Risk: CRITICAL

🤖 AI Explanation (Ollama/Llama3):
"The package 'cros-env' is missing the second 's' from 'cross-env'.
This is a classic typosquatting attack. Do not install."

Scan completed in 94ms | 1 threat | 46 safe
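The demo above reports a near-miss package name, the single-character mutation that produced it, a similarity score, a risk level, and (per the Policy Engine feature) an enforcement action. The following is an added, self-contained example of that detection flow; it is not Falcn's RUNT code. It uses optimal string alignment distance (insert, delete, substitute, adjacent swap each cost 1) as its similarity measure, which is an assumption: under this metric "cros-env" vs "cross-env" scores 0.889, not the 0.923 Falcn's own metric reports. The popular-package list with download counts, the 10M-download risk cutoff, and the risk-to-action policy map are all constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of well-known packages with weekly download counts.
# Illustrative placeholders, not registry data (assumption).
POPULAR_PACKAGES: Dict[str, int] = {
    "cross-env": 12_000_000,
    "lodash": 40_000_000,
    "express": 25_000_000,
    "chalk": 150_000_000,
}

# Assumed policy thresholds: which action each risk level triggers.
# Not Falcn's real configuration format.
POLICY = {"CRITICAL": "BLOCK", "HIGH": "ALERT", "MEDIUM": "REVIEW"}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap
    of two adjacent characters each cost 1, so a transposition is one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def similarity(a: str, b: str) -> float:
    """Normalised to [0, 1]; 1.0 means identical names."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - edit_distance(a, b) / longest


def classify_edit(candidate: str, target: str) -> str:
    """Name the single mutation that turns `target` into `candidate`."""
    if candidate == target:
        return "IDENTICAL"
    lc, lt = len(candidate), len(target)
    if lc == lt - 1 and any(target[:i] + target[i + 1:] == candidate for i in range(lt)):
        return "CHARACTER_OMISSION"
    if lc == lt + 1 and any(candidate[:i] + candidate[i + 1:] == target for i in range(lc)):
        return "CHARACTER_INSERTION"
    if lc == lt:
        diffs = [i for i in range(lt) if candidate[i] != target[i]]
        if len(diffs) == 1:
            return "CHARACTER_SUBSTITUTION"
        if (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and candidate[diffs[0]] == target[diffs[1]]
                and candidate[diffs[1]] == target[diffs[0]]):
            return "CHARACTER_TRANSPOSITION"
    return "MULTI_EDIT"


@dataclass
class Finding:
    package: str
    mimics: str
    attack_type: str
    similarity: float
    risk: str
    action: str


def check_typosquat(name: str, popular: Dict[str, int] = POPULAR_PACKAGES,
                    threshold: float = 0.8) -> Optional[Finding]:
    """Return a Finding when `name` is a near-miss of a popular package, else None."""
    if name in popular:
        return None  # the genuine package is never flagged against itself
    best = max(popular, key=lambda p: similarity(name, p))
    score = similarity(name, best)
    if score < threshold:
        return None  # too different to be a plausible typo
    # Assumed risk scale: impersonating a very widely used package is worst.
    risk = "CRITICAL" if popular[best] >= 10_000_000 else "HIGH"
    return Finding(name, best, classify_edit(name, best), round(score, 3), risk, POLICY[risk])


def scan_dependencies(deps: List[str]) -> List[Finding]:
    """Run the check over a dependency list, as read from a manifest like package.json."""
    return [f for f in (check_typosquat(d) for d in deps) if f is not None]


if __name__ == "__main__":
    # Constructed dependency list: one genuine name, two near-misses, one unrelated name.
    for f in scan_dependencies(["cross-env", "cros-env", "lodahs", "left-pad"]):
        print(f"{f.package} mimics {f.mimics}: {f.attack_type} "
              f"similarity={f.similarity} risk={f.risk} -> {f.action}")
```

The transposition case ("lodahs") is why plain Levenshtein is a poor fit here: it counts an adjacent swap as two edits and would push a six-character name below the 0.8 threshold, whereas optimal string alignment scores it as one. A production scanner would also normalise case and separators and skip names that are exact matches of the registry's own package, as `check_typosquat` does for the genuine entry.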
Quick Start

Get Started in 60 Seconds

Installation
# 1. Install via Docker (Recommended)
$ docker pull vanali/falcn:latest

# 2. Scan your project
$ docker run --rm -v $(pwd):/workspace vanali/falcn:latest scan /workspace

# 3. (Optional) Enable AI with Ollama
$ docker run --rm -v $(pwd):/workspace --network host \
    -e FALCN_LLM_ENABLED=true vanali/falcn:latest scan /workspace
Pricing

Open Source — Free Forever

MIT licensed. Use anywhere, modify freely, contribute back.

Enterprise

Contact Us
Everything in OSS
Priority Support (SLA)
Custom Integrations
Training & Onboarding
SSO/SAML Support
Contact Sales
FAQ

Frequently Asked Questions

Falcn integrates with Ollama, an open-source local LLM runner. When a threat is detected, Falcn sends package metadata (not your source code) to Ollama, which generates a human-readable explanation using Llama 3, Mistral, or Gemma. Your data never leaves your infrastructure.
Falcn supports npm, PyPI, Go modules, Maven, and NuGet. Cargo (Rust), Composer (PHP), and RubyGems are on the roadmap.
Fast mode (--no-llm --no-sandbox) completes in ~100ms. Full analysis with AI takes 2-5 seconds. We recommend fast mode for CI/CD gates.
Yes! The core scanner needs no network. AI uses local Ollama. For vulnerability data, configure a local OSV/NVD mirror.

Ready to Secure Your Supply Chain?

Join developers who trust Falcn to protect their software from supply chain attacks.