trawld watches every machine on your team, scans packages against the OSV database, and surfaces vulnerable dependencies before they reach production.
// how it works
Works on Linux, macOS, and Windows. No app-level code changes required.
01 / deploy
One-click Vercel deploy. Point it at a MongoDB database and you're done - it serves the dashboard and accepts agent connections.
02 / install
Global npm package. The setup wizard chooses project folders, configures startup, and enrolls the machine with your cloud instance.
03 / watch
Your machine appears in the fleet, packages are indexed, and vulnerabilities are matched against OSV. Live heartbeats keep status current.
// features
Every feature ships by default. Nothing to configure beyond the initial setup.
The agent scans watched folders for package.json and requirements.txt. No code changes to your apps required.
Package versions are checked against the Open Source Vulnerability database with semver-range matching to catch indirect exposure.
Every enrolled machine reports to one dashboard. See cross-fleet exposure at a glance and drill into any machine instantly.
One click sends a patch command back to the agent. It updates the package and reports the new version automatically.
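
How semver-range matching against an OSV record can work, as an added example that is not trawld's own code: it evaluates the `introduced` / `fixed` / `last_affected` events of an OSV `SEMVER` range for an installed version. The advisory record, the package name `example-lib` and all function names are constructed for illustration.

```javascript
// Added example, not trawld's code. The advisory record below is constructed.
function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : [] };
}
// Semver 2.0.0 precedence; the OSV sentinel "0" sorts before every version.
function compare(a, b) {
  if (a === b) return 0;
  if (a === '0' || b === '0') return a === '0' ? -1 : 1;
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++)
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  // A release outranks any prerelease of the same core version.
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return +p < +q ? -1 : 1;
    if (pn !== qn) return pn ? -1 : 1; // numeric identifiers sort lower
    return p < q ? -1 : 1;
  }
  return 0;
}
const bound = (e) => e.introduced ?? e.fixed ?? e.last_affected;
// Walk the sorted events as the OSV schema describes for evaluating a range.
function inRange(version, range) {
  if (range.type !== 'SEMVER') return false;
  const events = range.events.filter((e) => bound(e) !== undefined)
    .sort((a, b) => compare(bound(a), bound(b)));
  let vulnerable = false;
  for (const e of events) {
    if (e.introduced !== undefined && compare(version, e.introduced) >= 0) vulnerable = true;
    else if (e.fixed !== undefined && compare(version, e.fixed) >= 0) vulnerable = false;
    else if (e.last_affected !== undefined && compare(version, e.last_affected) > 0) vulnerable = false;
  }
  return vulnerable;
}
function isAffected(name, version, advisory) {
  return advisory.affected.some((a) =>
    a.package.ecosystem === 'npm' && a.package.name === name &&
    ((a.versions || []).includes(version) || (a.ranges || []).some((r) => inRange(version, r))));
}
// Constructed OSV-style record: two affected branches, each with its own fix.
const advisory = { id: 'EXAMPLE-0000', affected: [{
  package: { ecosystem: 'npm', name: 'example-lib' },
  ranges: [{ type: 'SEMVER', events: [
    { introduced: '0' }, { fixed: '1.4.2' }, { introduced: '2.0.0' }, { fixed: '2.3.1' }] }] }] };
```

A release candidate of a fixed version, such as `2.3.1-rc.1`, sorts before the fix and is still reported as affected, which a naive string or numeric-triple comparison gets wrong.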
// dashboard