Koidex

One question and Huge Praise!!

Is it plug and play thing so vibe coder can also use?

Man the design on home page is really freaking awesome that I have seen in a while

Congrats Amit and team on the launch of Koidex! The shift to behavior-based scoring rather than just static CVE lists is exactly what the ecosystem needs right now. We often pull down HuggingFace models or npm packages incredibly fast in tools like Cursor and Windsurf, making the inclusion of Koidex's real-time IDE extension highly strategic. It brings that necessary "one-click due diligence" directly to the workflow without adding friction. Out of curiosity, does your scoring pipeline also continuously re-evaluate these models/packages if their upstream dependencies unexpectedly push new versions or change network patterns? Would love to see this become the standard for package management.

Love this and at Digia we constantly see how blindly dependencies get installed, so a quick “trust check before install” feels like something the ecosystem really needed.

Very much needed in this AI era. Congrats on your launch!

this sound really cool, congrats!i'll test it on my WordPress MCP - https://www.npmjs.com/package/@respira/wordpress-mcp-server

Trust is the biggest hurdle for AI adoption right now. I've been focusing on "intent locking" to stop AI agents from adding unsolicited features or over-engineering code, but the security side is just as critical.

Is Koidex primarily looking at malicious code patterns, or can it also detect when an AI model starts behaving "off-spec" during long sessions? Great tool for the current ecosystem!

A product like this could help other startups overcome a trust barrier. Maybe we could put a "koidex badge" on our site to independently prove safety!Congrats on the launch!

👋 Hey Product Hunt! I’m Amit, Co-founder of Koi.Today we’re launching Koidex. It helps you quickly check whether a package, extension, or AI model looks safe before it enters your stack.Try it here: Koidex → https://dex.koi.security/?ref=producthunt📖 Why We Built ItWe’re the research team behind the discoveries of GlassWorm, ShadyPanda, and PhantomRaven, and we’ve seen how easily malicious code hides in “normal” developer tooling.To prove how fast these blind spots get targeted, we ran a blunt test: we published a harmless lookalike VS Code theme and saw installs from large-company networks within 30 minutes. The industry knows these threats exist, but workflows haven’t changed. That was the moment we realized: “one-click install” needs “one-click due diligence.”💡 What You Can Do With Koidex Today🔍 Unified Search: One place to check VS Code, Chrome, JetBrains, npm, and Hugging Face, and more.🧠 Behavior-Based Scoring: Focuses on what the code actually does, not just what the listing claims.🧾 Readable Risk Summaries: Vulnerabilities, deep dependencies, permissions, and publisher signals.🐟 Catch of the Day: Fresh suspicious or malicious items spotted in the wild.👨🏻‍💻 Koidex IDE Extension: Scans installed extensions and flags risky installs in real time across VS Code, Cursor, Windsurf, VSCodium, and more.🎁 Product Hunt Launch OfferFirst 200 registrants via the Product Hunt link get unlimited searches for 2 weeks. Sign up here: https://dex.koi.security/?ref=producthunt🙏 What I’d Love Feedback OnWhat ecosystem should we evaluate next?What’s the one signal you wish you had before installing something?If you try it, drop a package, extension, or model you use and tell me if the rating matches your gut.I’m here in the comments!