Metadata-Version: 2.4
Name: sentro
Version: 0.1.4
Summary: Sentro — scan Python packages for malicious code, typosquatting & supply-chain attacks before install. Docs: sentro-docs.onrender.com
Project-URL: Homepage, https://sentro-docs.onrender.com
Project-URL: Documentation, https://sentro-docs.onrender.com
Project-URL: Source Code, https://github.com/solvyx-dev/sentro
Project-URL: Issue Tracker, https://github.com/solvyx-dev/sentro/issues
Author-email: "Solvyx.dev" <solvyx11@proton.me>
License: MIT
Keywords: malware-detection,package-manager,pip,security,supply-chain
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Build Tools
Requires-Python: >=3.11
Requires-Dist: click>=8.1
Requires-Dist: packaging>=24.0
Requires-Dist: rich>=13.0
Provides-Extra: dev
Requires-Dist: pytest-cov>=5.0; extra == 'dev'
Requires-Dist: pytest-mock>=3.0; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Requires-Dist: responses>=0.25; extra == 'dev'
Description-Content-Type: text/markdown

# sentro

[![PyPI](https://img.shields.io/pypi/v/sentro)](https://pypi.org/project/sentro/)
[![Python](https://img.shields.io/pypi/pyversions/sentro)](https://pypi.org/project/sentro/)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue)](LICENSE)
[![Docs](https://img.shields.io/badge/docs-sentro--docs.onrender.com-informational)](https://sentro-docs.onrender.com)

**Scan Python packages for malicious code, typosquatting, and supply-chain attacks — before they ever install.**

Built by [Solvyx.dev](https://solvyx.dev)

```bash
sentro install requests
```

```
╭──────────────────────── sentro scan ─────────────────────────╮
│   Package : requests 2.31.0                                     │
│   PyPI    : verified                                            │
│   Risk    : SAFE  (score 0/100)                                 │
╰─────────────────────────────────────────────────────────────────╯
  No issues found.
```

---

## What it detects

- **Malicious code** — `eval()` / `exec()` at module level, `os.system()`, socket connections to hardcoded IPs
- **Install hooks** — dangerous calls in `setup.py` that run unconditionally at install time
- **Obfuscation** — `exec(base64.b64decode(...))` chains, high-entropy strings, `marshal.loads` payloads
- **Typosquatting** — names similar to popular packages (`reqeusts`, `numpy-dev`), Unicode homoglyphs
- **Dependency confusion** — package names that shadow Python stdlib modules
- **Metadata signals** — very new packages, suspiciously low download counts, missing author info

Each finding contributes to a **risk score (0–100)**. The overall verdict is `SAFE`, `WARNING`, or `DANGER`.

---

## Install

```bash
pip install sentro
```

Requires Python 3.11+.

---

## Quick start

```bash
# Scan and install
sentro install requests

# Scan only — don't install
sentro install requests --no-install

# Block install if anything scores DANGER (for CI pipelines)
sentro install requests --strict
```

---

> **Full documentation** — configuration reference, all CLI flags, CI integration guide, installer detection, and more:
>
> ### [sentro-docs.onrender.com](https://sentro-docs.onrender.com)

---

## License

MIT — built and maintained by [Solvyx.dev](https://solvyx.dev)
