`sus` is a package gateway for AI agents that works with your favorite package manager.

why sus?

AI agents read documentation, follow instructions, and install packages autonomously. This makes them vulnerable to prompt injection, typosquatting, and supply chain attacks. `sus` scans packages for known vulnerabilities, malicious install scripts, and obfuscated code.

Modern projects often span multiple languages—a Python backend with a TypeScript frontend, Rust modules with Node.js bindings, or Go services alongside npm tooling. AI agents working across these codebases need a unified way to safely install packages. `sus` supports npm, pnpm, yarn, bun, PyPI, and Cargo—with Go coming soon.

`sus` automatically updates your AGENTS.md with a docs index that teaches your AI agents how to use dependencies correctly in your codebase.

how it works

`sus` acts as a drop-in replacement for your package manager. Instead of running `npm install express`, you run `sus add express`. You get instant results because the package has already been analyzed.

`sus` continuously analyzes every package published to package registries. All the heavy lifting—CVE correlation, static analysis, ML inference for prompt injection detection—happens before you ever install a package.
