I will audit your npm or pip dependencies for security vulnerabilities
United States
Cybersecurity Specialist Penetration Testing and Security Audits
About this Gig
Are your dependencies hiding security risks? Recent supply chain attacks like the axios npm compromise show that a single compromised or vulnerable package can expose your entire application.
I will scan your npm, pip, or container project for known vulnerabilities, leaked secrets, and compromised packages using professional-grade tools including Semgrep, TruffleHog, GitLeaks, Nuclei, pip-audit, npm audit, Trivy, Grype, and Burp Suite. Every automated finding is manually verified to eliminate false positives.
What you get:
- A professional security audit report with CVSS severity ratings
- Exact remediation steps for every finding
- Identification of compromised or malicious packages
- Secrets and credential leak detection
- CI/CD configuration and container security review
- Prioritized fix recommendations you can implement immediately
See my portfolio for a sample report showing exact deliverable quality.
This service is ideal for:
- Startups shipping fast without a dedicated security team
- Teams preparing for SOC 2 or compliance audits
- Projects using open source dependencies at scale
- Anyone who has never audited their dependency tree
Fast turnaround. Confidential. Thorough.
Development technology: Other
Expertise: Clean Code • Error handling • Other
FAQ
What do I need to provide?
Your package.json or requirements.txt file, plus access to your repository if you want a deeper scan. I can also work with lock files like package-lock.json or Pipfile.lock. A lock file is preferred: it records the exact resolved version of every transitive dependency, so findings are matched against what is actually installed rather than against a version range.
Is my code kept confidential?
All scans are performed locally on my own hardware using locally installed security tools. Your code is never uploaded to third-party services; the dependency checkers (npm audit, pip-audit) query public advisory databases with package names and versions only, never with your source. All files are deleted after delivery. I can sign an NDA if required.
What languages and package managers do you support?
npm, pip, yarn, pipenv, and poetry. I can also scan Docker containers and CI/CD configs for the Standard and Premium tiers.
What tools do you use for scanning?
I use industry-standard tools including Semgrep for static analysis, TruffleHog and GitLeaks for secrets detection, Nuclei for vulnerability scanning, pip-audit and npm audit for dependency checks, Trivy and Grype for container scanning, and Burp Suite for manual testing. Every finding is manually verified to eliminate false positives.
Do I get a written report?
Yes. Every package includes a professional security audit report with an executive summary, detailed findings with severity ratings (CVSS), step-by-step reproduction instructions, and prioritized remediation guidance. A sample report is available in my portfolio.
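To show what "prioritized findings with severity ratings" means in practice, here is an added example (not part of this gig or its sample report) that merges the JSON output of `npm audit --json` and `pip-audit --format json` into one list ordered by CVSS score, severity, and whether the dependency is direct. The two reports embedded below are constructed samples with placeholder package names and advisory URLs, not real scan results; only their shape follows the tools' real formats. It also surfaces two things a manual review must catch: npm fixes that require a semver-major upgrade, and pip-audit findings, which carry an advisory ID and fix version but no severity or CVSS score, so they must be rated by hand.

```python
"""Merge npm audit and pip-audit JSON into one prioritised finding list.
Added illustration; sample reports are constructed with placeholder names."""
import json

# Ordering rank. npm audit says "moderate"; most other tools say "medium".
SEVERITY_RANK = {"critical": 4, "high": 3, "moderate": 2, "medium": 2,
                 "low": 1, "info": 0, "unknown": -1}

# Constructed sample of `npm audit --json` (auditReportVersion 2). Placeholder data.
NPM_AUDIT_SAMPLE = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        # transitive package that carries the advisory; fixing it needs a major bump of pkg-b
        "pkg-a": {"name": "pkg-a", "severity": "critical", "isDirect": False,
                  "via": [{"source": 1001, "name": "pkg-a", "title": "Prototype pollution (placeholder)",
                           "url": "https://example.invalid/advisories/1001", "severity": "critical",
                           "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
                           "range": "<1.2.6"}],
                  "effects": ["pkg-b"], "range": "<1.2.6", "nodes": ["node_modules/pkg-a"],
                  "fixAvailable": {"name": "pkg-b", "version": "1.0.0", "isSemVerMajor": True}},
        # direct dependency, vulnerable only because it pulls in pkg-a (via is a string)
        "pkg-b": {"name": "pkg-b", "severity": "critical", "isDirect": True,
                  "via": ["pkg-a"], "effects": [], "range": "<=0.5.1", "nodes": ["node_modules/pkg-b"],
                  "fixAvailable": {"name": "pkg-b", "version": "1.0.0", "isSemVerMajor": True}},
        "pkg-c": {"name": "pkg-c", "severity": "low", "isDirect": True,
                  "via": [{"source": 1002, "name": "pkg-c", "title": "ReDoS (placeholder)",
                           "url": "https://example.invalid/advisories/1002", "severity": "low",
                           "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},
                           "range": "<2.0.0"}],
                  "effects": [], "range": "<2.0.0", "nodes": ["node_modules/pkg-c"], "fixAvailable": False},
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 0, "high": 0, "critical": 2, "total": 3}},
})

# Constructed sample of `pip-audit --format json`. Placeholder advisory ID.
PIP_AUDIT_SAMPLE = json.dumps({
    "dependencies": [
        {"name": "pkg-d", "version": "1.4.0",
         "vulns": [{"id": "PLACEHOLDER-2024-0001", "fix_versions": ["1.4.2"],
                    "aliases": [], "description": "Placeholder advisory text"}]},
        {"name": "pkg-e", "version": "2.0.0", "vulns": []},
    ],
    "fixes": [],
})


def _describe_npm_fix(fix):
    """fixAvailable is True, False, or {name, version, isSemVerMajor}."""
    if fix is True:
        return "npm audit fix"
    if isinstance(fix, dict):
        suffix = " (semver-major)" if fix.get("isSemVerMajor") else ""
        return f"upgrade {fix['name']} to {fix['version']}{suffix}"
    return "no fix available"


def parse_npm_audit(report_text):
    """One finding per advisory. Advisories are dict entries in `via`; a string entry
    means the package is vulnerable only through a dependency reported elsewhere."""
    vulns = json.loads(report_text).get("vulnerabilities", {})
    findings = []
    for name, entry in vulns.items():
        # a fix is breaking if this package or any direct dependent it affects needs a major bump
        related = [entry] + [vulns[e] for e in entry.get("effects", []) if e in vulns]
        breaking = any(isinstance(r.get("fixAvailable"), dict)
                       and r["fixAvailable"].get("isSemVerMajor") for r in related)
        for adv in entry.get("via", []):
            if not isinstance(adv, dict):
                continue
            findings.append({
                "ecosystem": "npm", "package": name,
                "affected": adv.get("range", entry.get("range")),
                "advisory": adv.get("url") or str(adv.get("source")),
                "title": adv.get("title", ""),
                "severity": adv.get("severity", "unknown").lower(),
                "cvss": (adv.get("cvss") or {}).get("score"),
                "direct": bool(entry.get("isDirect")),
                "fix": _describe_npm_fix(entry.get("fixAvailable")),
                "breaking_fix": breaking,
            })
    return findings


def parse_pip_audit(report_text):
    """pip-audit gives an advisory ID and fix versions but no severity or CVSS score,
    so those stay unknown and the finding must be rated manually."""
    findings = []
    for dep in json.loads(report_text).get("dependencies", []):
        for v in dep.get("vulns", []):  # skipped deps have no "vulns" key
            fixes = v.get("fix_versions") or []
            findings.append({
                "ecosystem": "pip", "package": dep["name"], "affected": dep.get("version"),
                "advisory": v["id"], "title": v.get("description", "")[:80],
                "severity": "unknown", "cvss": None, "direct": None,
                "fix": f"upgrade to {fixes[0]}" if fixes else "no fix available",
                "breaking_fix": False,
            })
    return findings


def prioritize(findings):
    """Highest CVSS first, then severity rank, direct before transitive, fixable before
    unfixable. Unrated findings sort last but are kept so they are not silently lost."""
    def key(f):
        return (-(f["cvss"] if f["cvss"] is not None else -1.0),
                -SEVERITY_RANK.get(f["severity"], -1),
                0 if f["direct"] else 1,
                0 if f["fix"] != "no fix available" else 1,
                f["package"])
    return sorted(findings, key=key)


if __name__ == "__main__":
    for f in prioritize(parse_npm_audit(NPM_AUDIT_SAMPLE) + parse_pip_audit(PIP_AUDIT_SAMPLE)):
        flag = " BREAKING" if f["breaking_fix"] else ""
        print(f"{f['ecosystem']:4} {f['package']:8} {str(f['cvss']):>5} {f['severity']:9} {f['fix']}{flag}")
```

Run it against real output by replacing the two sample strings with the contents of `npm audit --json` and `pip-audit --format json` (both read the lock file or environment, so the numbers reflect installed versions). The ordering key puts a critical transitive finding above a low direct one, which is usually what you want, but the `breaking_fix` flag is the part that needs a human: an `npm audit fix --force` that bumps a direct dependency across a major version is a code change, not a patch.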