HeadlinesBriefing.com

DepsGuard automates supply‑chain hardening for npm ecosystems

Source: Hacker News

Arnica’s co‑founder released DepsGuard, a single‑file Rust binary that hardens npm, pnpm, Yarn, Bun and uv configurations against supply‑chain attacks. The tool detects missing hardening settings, chiefly a minimum release age (a cooldown before a newly published version is installed), disabled install scripts and other recommended flags, and offers an interactive TUI to apply fixes. It backs up each file before editing, and the automation removes the config‑hunting that deters many developers from applying these settings by hand today.

DepsGuard scans both user‑level and repository‑level config files, presents a table of findings, and lets users toggle each change before it is written. Supported options include min‑release‑age (expressed in days, minutes or seconds depending on the package manager), ignore‑scripts, block‑exotic‑subdeps, no‑downgrade trust policies and strict‑dep‑builds, plus cooldown settings for Renovate and Dependabot. The binary ships for Linux, macOS and Windows via Homebrew, APT, Scoop and WinGet.
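To make the scan‑report‑backup‑fix cycle concrete, here is an added example (not DepsGuard’s code) that audits a single npm `.npmrc` for the two settings the page names for npm, a min‑release‑age cooldown and ignore‑scripts, and applies what is missing after taking a timestamped backup. It assumes npm’s `key=value` ini format, that `min-release-age` is in days (npm 11.6 and later), and a cooldown of 7 days, which is this example’s choice rather than a documented DepsGuard default.

```shell
#!/bin/sh
# Added example, not part of DepsGuard: audit one .npmrc for cooldown/script
# hardening, then fix what is missing with a timestamped backup.
# Assumptions: npm ini syntax ("key=value", comments start with # or ;),
# min-release-age counted in days, and a 7-day cooldown chosen for illustration.

NPMRC_MIN_RELEASE_AGE_DAYS=7   # assumed cooldown; tune to your risk appetite

# npmrc_get FILE KEY: print the last value assigned to KEY, or nothing.
# (Values containing a literal "=" are truncated at it; fine for these flags.)
npmrc_get() {
  [ -f "$1" ] || return 0
  sed -e 's/[[:space:]]*[#;].*$//' "$1" |
    awk -F= -v k="$2" '
      { gsub(/^[ \t]+|[ \t]+$/, "", $1)
        if ($1 == k) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); found = 1 } }
      END { if (found) print v }'
}

# npmrc_audit FILE: one finding per line; exit status 1 when something needs fixing.
# A cooldown of 0 is reported as missing because it provides no protection.
npmrc_audit() {
  file=$1; bad=0
  age=$(npmrc_get "$file" min-release-age)
  case $age in
    ""|0) echo "MISSING min-release-age (no cooldown; want $NPMRC_MIN_RELEASE_AGE_DAYS days)"; bad=1 ;;
    *)    echo "OK      min-release-age=$age" ;;
  esac
  if [ "$(npmrc_get "$file" ignore-scripts)" = "true" ]; then
    echo "OK      ignore-scripts=true"
  else
    echo "MISSING ignore-scripts (install scripts run by default)"; bad=1
  fi
  return $bad
}

# npmrc_set FILE KEY VALUE: drop any existing KEY lines, then append KEY=VALUE.
# grep emits complete lines, so the file always ends in a newline before the append.
npmrc_set() {
  file=$1; key=$2; val=$3
  if [ -f "$file" ]; then
    grep -v "^[[:space:]]*$key[[:space:]]*=" "$file" > "$file.tmp" || true
    mv "$file.tmp" "$file"
  fi
  printf '%s=%s\n' "$key" "$val" >> "$file"
}

# npmrc_harden FILE: back up FILE (if present) as FILE.bak.<UTC timestamp>,
# then write only the settings the audit would flag. Rollback is a plain copy back.
npmrc_harden() {
  file=$1
  if [ -f "$file" ]; then
    cp -p "$file" "$file.bak.$(date -u +%Y%m%dT%H%M%SZ)"
  fi
  age=$(npmrc_get "$file" min-release-age)
  case $age in
    ""|0) npmrc_set "$file" min-release-age "$NPMRC_MIN_RELEASE_AGE_DAYS" ;;
  esac
  [ "$(npmrc_get "$file" ignore-scripts)" = "true" ] || npmrc_set "$file" ignore-scripts true
}

# Usage: sh npmrc_audit.sh ~/.npmrc          (report only)
#        sh npmrc_audit.sh --fix ~/.npmrc    (back up, then fix)
if [ -n "${1:-}" ]; then
  if [ "$1" = "--fix" ]; then npmrc_harden "$2"; else npmrc_audit "$1"; fi
fi
```

Run it against both `~/.npmrc` and the repository’s `.npmrc`, since npm merges the two and a project‑level `min-release-age=0` would silently undo the user‑level cooldown. The same audit shape applies to the other managers the page lists, but each has its own key names and units, so check your manager’s documentation before copying the key names above.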

The utility is MIT‑licensed and runs locally with no accounts or telemetry, and the timestamped backup enables instant rollback via the built‑in restore command. Early anecdotes suggest a seven‑day gate would have blocked fast‑moving malicious releases such as the @bitwarden/cli 2026.4.0 incident. Developers can install DepsGuard with a single cargo, brew or apt command and tighten their supply‑chain defenses immediately.