Koidex
Koidex detects and eliminates security risks in software your teams rely on — extensions, packages, apps, and AI models — across major marketplaces.
At a Glance
About Koidex
Koidex is a security intelligence platform powered by Koi that helps organizations quickly detect and eliminate risks in the software their teams install and use daily. It covers browser extensions, IDE plugins, npm packages, AI models, and more across major marketplaces including VS Code, JetBrains, Chrome Web Store, Edge Add-ons, Firefox Add-ons, Cursor, Windsurf, and npm. Koidex uses an agentic risk engine that analyzes what software is actually made of — going past labels to real composition and behavior — rather than relying on guesswork or signatures. It surfaces newly caught malware in the wild through its "Catch of the Day" feed and publishes original threat research.
- Agentic Risk Engine: Uses AI-driven, agentic analysis to inspect the real composition and behavior of extensions, packages, and apps — not just metadata or labels.
- Multi-Marketplace Coverage: Scans and monitors software across VS Code, JetBrains, Chrome Web Store, Edge Add-ons, Firefox Add-ons, Cursor, Windsurf, npm, PyPI, Hugging Face, MCP, Office Add-ins, Homebrew, and Visual Studio.
- Discovery: Tracks and manages every piece of software the moment it enters your ecosystem, giving full visibility into installed tools.
- Guardrails: Enforces policies to prevent risky or unauthorized software from being used by your teams.
- Governance: Provides oversight and control over the software supply chain across your organization.
- Remediation: Identifies and helps resolve threats found in installed software, reducing exposure quickly.
- Catch of the Day: A live feed of newly discovered malware found in the wild across popular marketplaces, backed by original threat research.
- VS Code Extension: A dedicated Koidex extension for Visual Studio Code lets developers check extension risk directly from their IDE.
- Enterprise Support: Extended coverage for PyPI, Hugging Face, MCP, Office Add-ins, Homebrew, Visual Studio, and OpenVSX is available for enterprise customers.
Community Discussions
Be the first to start a conversation about Koidex
Share your experience with Koidex, ask questions, or help others learn from your insights.
Pricing
Free
Free access to Koidex for individual users to search and view security reports for extensions, packages, and apps.
- Search extensions and packages across supported marketplaces
- View security risk reports
- Access Catch of the Day malware feed
- VS Code extension support
Enterprise
Enterprise plan with extended marketplace coverage, discovery, guardrails, governance, and remediation for teams.
- All free features
- PyPI coverage
- Hugging Face coverage
- MCP coverage
- Office Add-ins coverage
- Homebrew coverage
- Visual Studio coverage
- OpenVSX coverage
- Discovery: track every software install
- Guardrails enforcement
- Governance and policy management
- Remediation guidance
- Demo and custom onboarding
Capabilities
Key Features
- Agentic risk engine for software composition and behavior analysis
- Multi-marketplace scanning (VS Code, JetBrains, Chrome, Edge, Firefox, npm, etc.)
- Discovery: track every software install in your ecosystem
- Guardrails to block risky or unauthorized software
- Governance and policy enforcement
- Remediation guidance for detected threats
- Catch of the Day: live malware feed from the wild
- Original threat research and publications
- VS Code extension for in-IDE risk checking
- Enterprise coverage for PyPI, Hugging Face, MCP, Office Add-ins, Homebrew