v2.0.4 Import hook + MCP integration

Supply chain security for teams
without security teams.

1,700 North Korean packages infiltrated npm and PyPI. Traditional antivirus found nothing. Our AI-powered static analysis engine catches them before they run.

35 blocked live
1,700+ tracked in active campaign
0 traditional AV detections
CISA DOCUMENTED

The supply chain attack that nobody detected.

In early 2026, North Korean state hackers published over 1,700 malicious packages to npm and PyPI. The packages looked legitimate. The code passed review. Traditional antivirus found nothing.

The malicious payload only triggers when specific functions are called — not at install time. By then, it's already in your node_modules or site-packages, waiting.

stillrunning intercepts at install time, before the code ever runs.

The complete security stack in one agent.

Six layers of protection. One install command. No security team required.

🔬
pkl-inspector
Static Analysis
AST parsing, entropy analysis, and pickle inspection. Catches obfuscated malware without executing it. Patent pending.
🛡
guard daemon
Always-On Protection
Watches processes, detects suspicious behavior, blocks threats in real-time. Auto-learns your whitelist.
🚧
npm/pip intercept
Install Interception
Wraps package managers. Checks against live threat database + AI review for unknown packages. Blocks before install.
🪤
tripwire
Secret File Alerts
Instant alerts when .env, SSH keys, or credentials are accessed. Know immediately if malware touches your secrets.
🔐
file integrity
SHA256 Monitoring
Hash-based monitoring for critical files. Detects unauthorized modifications to config, keys, and binaries.
🤖
AI ops
Autonomous Response
AI crash diagnosis, automatic restart, and plain-English explanations. Reply to any alert to ask questions.

How stillrunning intercepts attacks

npm install express → dependency resolution → stillrunning intercepts → hash check → static scan → CLEAN or BLOCKED

Every package checked against our live threat database. Updated every 60 minutes.

Running on real infrastructure.
With real money.

stillrunning protects our own Bitcoin trading bot — 24/7 since March 2026. 6 screen sessions, Coinbase API integration, autonomous trading with real capital.

This isn't a demo. It's our production system. Same infrastructure you'll get.

88 Claude Code sessions
99.9% uptime
6 daemons monitored
0 security incidents
$ screen -ls
btcbot (04/12/26 19:28:14) (Detached)
dashboard (04/12/26 22:01:48) (Detached)
layer0 (04/12/26 22:01:48) (Detached)
tweeter (04/12/26 22:01:48) (Detached)
guard (04/12/26 08:26:04) (Detached)
videomaker (04/12/26 08:26:02) (Detached)
6 Sockets in /run/screen/S-root.

Works with every AI coding agent

stillrunning protects your stack no matter which AI tool you use.

Claude Code
Cursor
Devin
Replit
GitHub Copilot
Windsurf
Aider
Any pip/npm agent
See setup for your agent →

Simple pricing. Start free.

14-day money-back guarantee on all paid plans. Cancel within 14 days for a full refund, no questions asked.

FREE
$0
Try it out
  • Guard daemon (always-on)
  • npm/pip intercept
  • Live threat rules (hourly updates)
  • 10 scans/day
  • 1 machine
PERSONAL
$9/month
Solo developers
  • Everything in Free
  • 100 scans/day
  • Telegram + email alerts
  • Email support
AI
$49/month
Teams that want answers
  • Everything in Basic
  • AI crash diagnosis
  • Reply to alerts — AI answers
  • Crash pattern detection
  • Unlimited machines
  • Priority support

Replace $50k/year of enterprise tools.

You're paying for tools that don't talk to each other. We combine them into one agent at a fraction of the cost.

| Tool | Annual cost | What stillrunning replaces |
|---|---|---|
| CrowdStrike Falcon | ~$200,000/yr | Endpoint protection, threat hunting, process monitoring |
| Snyk | ~$20,000/yr | Dependency scanning, supply chain security |
| Datadog | ~$30,000/yr | Process monitoring, uptime tracking, alerting |
| PagerDuty | ~$25,000/yr | Alert routing, incident response, on-call management |
| stillrunning Enterprise | $5,988/yr | All of the above, unified in one agent |

ENTERPRISE
$499/month
For security-conscious teams without dedicated security staff.
  • SSO (Google, Okta, Azure AD)
  • SIEM integration (Splunk, Elastic, OpenSearch)
  • Monthly PDF compliance reports
  • RBAC (admin/viewer/responder roles)
  • Custom threat detection rules
  • 99.9% uptime SLA
  • Dedicated Slack channel
ENTERPRISE+
$2,499/month
For regulated industries with compliance requirements.
  • Everything in Enterprise
  • On-premise deployment option
  • Custom data residency
  • SOC2 Type II report
  • Annual penetration test report
  • 4-hour SLA response time
  • Dedicated account manager

50-person company? No dedicated security team? We built this for you.

Book a 15-minute demo

Live Security Dashboard

Browse our public threat database. See what we're blocking in real-time.

View security advisories

Built on open source.

The core tools are free. Enterprise features are what you pay for.

📦
stillrunning
Process monitoring agent with auto-restart, email/Telegram alerts, and AI crash diagnosis.
🔬
pkl-inspector
Patent Pending
Static analysis for Python pickle files. Catches malicious __reduce__ calls without execution.
🤖
agentkit
Framework for building autonomous AI agents. Powers our AI crash diagnosis and response system.
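
The pkl-inspector entry above describes catching malicious __reduce__ calls in pickle files without execution. A sketch of that kind of check, as an added example that is not stillrunning's or pkl-inspector's code: it disassembles the opcode stream with the standard library's pickletools and reports every import outside an allowlist. The names scan_pickle, ALLOWED_GLOBALS and ConstructedSample are hypothetical, and the allowlist and sample object are constructed for illustration.

```python
import collections
import os
import pickle
import pickletools

# Constructed allowlist for this example: the only globals a pickle may import.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_PUSHES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                 "STRING", "BINSTRING", "SHORT_BINSTRING"}

def scan_pickle(data: bytes) -> list[str]:
    """Return every import outside ALLOWED_GLOBALS, found by disassembling the
    opcode stream. pickletools.genops only parses; it imports and calls nothing."""
    findings = []
    strings = []  # recent string pushes, used to resolve STACK_GLOBAL operands
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # Protocols 0-3: the operand is the text "module name".
            module, _, attr = arg.partition(" ")
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two strings pushed before it.
            # Heuristic: strings fetched from the memo are not tracked here.
            if len(strings) < 2:
                findings.append(f"unresolved STACK_GLOBAL at byte {pos}")
                continue
            module, attr = strings[-2:]
        else:
            if opcode.name in STRING_PUSHES:
                strings.append(arg)
            continue
        if (module, attr) not in ALLOWED_GLOBALS:
            findings.append(f"{module}.{attr} imported at byte {pos}")
    return findings

class ConstructedSample:
    """Constructed sample: an object whose __reduce__ names os.system."""
    def __reduce__(self):
        return (os.system, ("echo constructed-sample",))

def demo() -> dict:
    # Only pickle.dumps is used; nothing here is ever unpickled.
    return {
        "proto2": scan_pickle(pickle.dumps(ConstructedSample(), protocol=2)),
        "proto4": scan_pickle(pickle.dumps(ConstructedSample(), protocol=4)),
        "ordered": scan_pickle(pickle.dumps(collections.OrderedDict(a=1), protocol=4)),
    }

if __name__ == "__main__":
    print(demo())
```

The module name reported for os.system depends on the platform that produced the pickle (posix or nt), which is one reason an allowlist is easier to maintain than a blocklist.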

Install in 60 seconds.

Linux:
curl -sSL https://stillrunning.io/install | python3 - --token YOUR_TOKEN

Mac:
brew install stillrunning && stillrunning --setup --token YOUR_TOKEN

Windows:
iwr -useb https://stillrunning.io/install.ps1 | iex

Docker:
docker run -d --name stillrunning \
  -e TOKEN=YOUR_TOKEN \
  johhnyg/stillrunning:latest

Raspberry Pi:
curl -sSL https://stillrunning.io/install | python3 - --token YOUR_TOKEN

Works on Linux, Mac, Windows, Raspberry Pi, Docker. If it runs Python, it runs stillrunning.

Show you're protected.

Add the stillrunning badge to your GitHub README.

Protected by stillrunning
![Protected by stillrunning](https://stillrunning.io/badge/protected)