npm audit isn't catching malware. This Rust scanner fills the gap.

⚡ Key Takeaways

• npm audit only detects known vulnerabilities—the gap between package publication and discovery can be weeks, during which malware spreads undetected 𝕏
• aegis-scan uses local static analysis, AST parsing, and behavioral detection to catch obfuscated eval, suspicious install scripts, and maintainer takeovers without cloud dependency 𝕏
• This represents a broader shift: developers increasingly want to own security tooling locally rather than outsourcing trust to SaaS platforms 𝕏