Native .node binaries execute on your servers. Snyk, Socket, and npm audit only check source code — not compiled machine code.
For security & compliance teams
The binary-level evidence your auditors are asking for.
Every npm install ships compiled native binaries that no security tool checks. BinShield decompiles them, classifies behavior with AI, and generates the audit-ready CycloneDX SBOMs that SOC 2, ISO 27001, and EU Cyber Resilience Act compliance require.
binshield scan bcrypt@6.0.0
See it in action
How BinShield analyzes your dependencies
Watch a real binary analysis — from package scan to AI classification to CI report — in 25 seconds.
BinShield decompiles binaries, classifies 6 behavior categories with Grok AI, and generates CycloneDX SBOMs for compliance.
Binary-level documentation that SOC 2, ISO 27001, and EU Cyber Resilience Act auditors require. No other tool produces this.
Public database
Featured analyses
Browse the highest-signal compiled packages already surfaced in the BinShield database.
npm
@swc/core-linux-arm64-musl
@swc/core-linux-arm64-musl@1.15.21 exposes network, filesystem, process, crypto, obfuscation with overall critical risk.
npm
@rollup/rollup-linux-x64-musl
@rollup/rollup-linux-x64-musl@4.60.0 exposes network, filesystem, process, crypto with overall high risk.
npm
@swc/core-darwin-arm64
@swc/core-darwin-arm64@1.15.21 exposes network, filesystem, process, crypto with overall high risk.
npm
bufferutil
bufferutil@4.1.0 exposes crypto, filesystem, process, obfuscation with overall medium risk.
npm
node-screenshots
node-screenshots@0.2.8 exposes network, filesystem, process, crypto with overall medium risk.
npm
@rollup/rollup-linux-arm64-musl
@rollup/rollup-linux-arm64-musl@4.60.0 exposes network, filesystem, process, crypto with overall medium risk.
Platform capabilities
Beyond source code scanning
BinShield goes deeper than any other supply chain security tool — analyzing compiled binaries, correlating vulnerabilities, and monitoring the ecosystem in real time.
Vulnerability intelligence
Advisory Feed
Aggregated CVE and advisory data from OSV.dev, NVD, and GitHub Advisory Database — correlated with binary behavior analysis.
Real-time monitoring
Ecosystem Feed
Live monitoring of the npm registry for newly published native packages. Auto-scans and flags risky binaries before they reach your supply chain.
Supply chain scanning
Lockfile Scanner
Upload package-lock.json, yarn.lock, or pnpm-lock.yaml to get a complete risk assessment of every native dependency in your project.
Enterprise compliance
Security Reports
Generate audit-ready compliance reports for SOC 2, ISO 27001, and EU Cyber Resilience Act with binary-level evidence and executive summaries.
Who is this for?
Built for security and compliance teams
How it works
3 steps to binary visibility
- Scan — Point BinShield at your npm dependencies via GitHub Action, CLI, or API.
- Classify — AI decompiles every native binary and classifies behavior across 6 categories.
- Document — Get audit-ready risk scores, behavior reports, and CycloneDX SBOMs.