@getbastionai/gatepost 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Bastion
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,135 @@
+![Gatepost Banner](Image.png)
+
+# Gatepost
+
+**Gatepost** wraps your package managers and scans every install for malicious packages — before they touch your machine.
+
+Every install is checked against three layers of protection:
+
+| Check | What it catches |
+|---|---|
+| **Blocklist** | Known malicious packages by name |
+| **Typosquat detection** | Lookalikes of popular packages (e.g. `lodahs` → `lodash`) |
+| **CVE scanning** | Live vulnerability lookup via the [OSV.dev](https://osv.dev) API |
+
+If a package is flagged, the install is blocked. If it's clean, Gatepost steps aside — zero friction, zero overhead.
+
+---
+
+## Supported package managers
+
+| Ecosystem | Managers |
+|---|---|
+| **Node / JS** | `npm`, `npx`, `yarn`, `pnpm`, `pnpx`, `bun`, `bunx` |
+| **Python** | `pip`, `pip3`, `uv`, `poetry`, `pipx` |
+
+---
+
+## Installation
+
+```sh
+npm install -g @getbastionai/gatepost
+```
+
+That's it. Shell aliases are set up automatically — restart your terminal and every package manager command is protected.
+
+---
+
+## Usage
+
+After install, use your package managers exactly as you normally would:
+
+```sh
+npm install lodash
+yarn add axios
+pip install requests
+bun add hono
+npx create-react-app my-app
+uv add fastapi
+```
+
+Gatepost runs silently when everything is clean. Output only appears when something is flagged.
+
+### Blocked install
+
+```
+gatepost: install blocked
+
+  blocked  event-stream  Known malicious package
+```
+
+The install exits with code 1. Nothing was installed.
+
+### Warning (install proceeds)
+
+```
+gatepost: warning
+
+  warn  lodahs  Possible typosquat of "lodash"
+```
+
+Warnings are shown but the install is not blocked — you decide.
+
+---
+
+## Manual check
+
+Scan packages without installing them:
+
+```sh
+gatepost check express axios lodash
+```
+
+```
+  ok       express
+  ok       axios
+  ok       lodash
+
+All packages look clean.
+```
+
+---
+
+## Commands
+
+| Command | Description |
+|---|---|
+| `gatepost setup` | Add shell aliases (run once after install) |
+| `gatepost remove` | Remove shell aliases |
+| `gatepost check <pkg...>` | Scan packages without installing |
+| `gatepost <manager> [args]` | Run any manager with protection |
+
+---
+
+## How it works
+
+1. Shell aliases silently redirect `npm install foo` → `gatepost npm install foo`
+2. Gatepost extracts package names from the command arguments
+3. Three checks run in parallel: blocklist lookup, typosquat similarity, OSV CVE query
+4. Blocked packages exit with code 1 — nothing installs
+5. Warnings print to stderr but allow the install to continue
+6. Clean packages pass straight through to the real package manager
+
+If the OSV network request fails (offline or timeout), Gatepost warns and proceeds — it never blocks a legitimate workflow.
+
+---
+
+## Uninstall
+
+```sh
+gatepost remove
+npm uninstall -g @getbastionai/gatepost
+```
+
+---
+
+## Requirements
+
+- Node.js 16+
+- npm (for global install)
+
+---
+
+## License
+
+MIT

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@getbastionai/gatepost",
+  "version": "1.0.0",
+  "description": "Wraps npm, npx, yarn, pnpm, and pnpx to block malicious packages in real-time",
+  "scripts": {
+    "postinstall": "node ./src/index.js setup"
+  },
+  "bin": {
+    "gatepost": "./src/index.js"
+  },
+  "files": [
+    "src/"
+  ],
+  "keywords": [
+    "security",
+    "supply-chain",
+    "npm",
+    "malware",
+    "package-manager",
+    "typosquatting"
+  ],
+  "license": "MIT",
+  "engines": {
+    "node": ">=16"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/GetBastion/gatepost.git"
+  }
+}

package/src/blocklist.js

@@ -0,0 +1,80 @@
+'use strict'
+
+// Known malicious packages sourced from npm security advisories,
+// GitHub Security Advisories, and public threat intelligence reports.
+const BLOCKLIST = new Set([
+  // Compromised/backdoored packages
+  'event-stream',
+  'flatmap-stream',
+  'node-ipc',
+  'ua-parser-js',
+  'coa',
+  'rc',
+  'colors',
+  'faker',
+
+  // Typosquatting - targeting popular packages
+  'crossenv',
+  'cross-env.js',
+  'ffmmpeg',
+  'babelcli',
+  'nodecaffe',
+  'nodefabric',
+  'node-fabric',
+  'nodeffmpeg',
+  'nodemysql',
+  'node-opencv',
+  'node-openssl',
+  'node-os',
+  'node-paint',
+  'node-pentest',
+  'node-sqlite',
+  'node-tkinter',
+  'nodecrypto',
+  'nodeftp',
+  'nodemailer-js',
+  'nodemailer.js',
+  'socketio',
+  'socket.io.js',
+  'discordie',
+  'mongose',
+  'mssql-node',
+  'mysqljs',
+  'node-sass-middleware',
+  'gruntcli',
+  'jquey',
+  'jquery.js',
+  'd3.js',
+  'require',
+  'loadash',
+  'momnet',
+  'expres',
+  'expresss',
+  'reakt',
+  'reactt',
+  'vue.js',
+  'vuejs',
+  'angularjs',
+  'lodahs',
+  'lodash.js',
+  'requets',
+  'requset',
+  'underscore.js',
+  'underscorejs',
+  'webpak',
+  'webpackk',
+  'axio',
+  'axxios',
+  'dotenv.js',
+
+  // Known credential stealers (public reports)
+  'electron-native-notify',
+  'getcookies',
+  'http-fetch-client',
+  'aws-sdk-config',
+  'node-browserify',
+  'nodecookies',
+  'xss-payloads',
+])
+
+module.exports = { BLOCKLIST }

package/src/check.js

@@ -0,0 +1,142 @@
+'use strict'
+
+const https = require('https')
+const { BLOCKLIST } = require('./blocklist')
+const { POPULAR_PACKAGES } = require('./typosquat')
+
+// Levenshtein distance — measures edit distance between two strings
+function levenshtein(a, b) {
+  const m = a.length, n = b.length
+  const dp = []
+  for (let i = 0; i <= m; i++) {
+    dp[i] = [i]
+    for (let j = 1; j <= n; j++) {
+      dp[i][j] = i === 0
+        ? j
+        : a[i - 1] === b[j - 1]
+          ? dp[i - 1][j - 1]
+          : 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1])
+    }
+  }
+  return dp[m][n]
+}
+
+// Parse the canonical package name from an install arg
+// Handles: lodash, lodash@4.x, @types/node, @types/node@18.0.0
+function parsePkgName(arg) {
+  if (arg.startsWith('@')) {
+    const match = arg.match(/^(@[^/]+\/[^@]+)/)
+    return match ? match[1] : null
+  }
+  const name = arg.split('@')[0]
+  return name || null
+}
+
+// Skip non-package args (URLs, file paths, git refs)
+function isPackageName(arg) {
+  if (!arg || arg.startsWith('-')) return false
+  if (arg.startsWith('git+') || arg.startsWith('github:') ||
+      arg.startsWith('gitlab:') || arg.startsWith('bitbucket:') ||
+      arg.startsWith('file:') || arg.startsWith('http') ||
+      arg.startsWith('.') || arg.startsWith('/')) return false
+  return true
+}
+
+// Check for typosquatting against popular packages
+function checkTyposquat(pkgName, ecosystem = 'npm') {
+  const { POPULAR_PYTHON_PACKAGES } = require('./typosquat')
+  const pool = ecosystem === 'PyPI' ? POPULAR_PYTHON_PACKAGES : POPULAR_PACKAGES
+
+  // Use the local name for scoped npm packages: @types/node -> node
+  const localName = pkgName.startsWith('@')
+    ? pkgName.split('/')[1] || ''
+    : pkgName
+
+  const lower = localName.toLowerCase()
+  if (lower.length < 4) return null
+
+  for (const popular of pool) {
+    if (lower === popular.toLowerCase()) return null // exact match, not a typosquat
+    const dist = levenshtein(lower, popular.toLowerCase())
+    if (dist >= 1 && dist <= 2) return popular
+  }
+  return null
+}
+
+// Query the OSV.dev API for known vulnerabilities
+function queryOSV(pkgName, ecosystem = 'npm') {
+  return new Promise((resolve) => {
+    const body = JSON.stringify({
+      package: { name: pkgName, ecosystem },
+    })
+
+    const req = https.request({
+      hostname: 'api.osv.dev',
+      path: '/v1/query',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(body),
+      },
+      timeout: 5000,
+    }, (res) => {
+      let data = ''
+      res.on('data', chunk => { data += chunk })
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(data)
+          resolve(json.vulns && json.vulns.length > 0 ? json.vulns : null)
+        } catch {
+          resolve(null)
+        }
+      })
+    })
+
+    req.on('error', () => resolve(null))
+    req.on('timeout', () => { req.destroy(); resolve(null) })
+    req.write(body)
+    req.end()
+  })
+}
+
+// Check a single package — returns { pkg, issues[] }
+async function checkPackage(arg, ecosystem = 'npm') {
+  const pkgName = ecosystem === 'npm' ? parsePkgName(arg) : arg.trim()
+  if (!pkgName) return { pkg: arg, issues: [] }
+
+  const issues = []
+
+  // 1. Hard blocklist
+  if (BLOCKLIST.has(pkgName)) {
+    issues.push({ type: 'blocklist', severity: 'block', message: 'Known malicious package' })
+  }
+
+  // 2. Typosquatting
+  const similar = checkTyposquat(pkgName, ecosystem)
+  if (similar) {
+    issues.push({ type: 'typosquat', severity: 'warn', message: `Possible typosquat of "${similar}"` })
+  }
+
+  // 3. OSV vulnerability database
+  const vulns = await queryOSV(pkgName, ecosystem)
+  if (vulns) {
+    const count = vulns.length
+    issues.push({
+      type: 'vuln',
+      severity: 'warn',
+      message: `${count} known vulnerabilit${count === 1 ? 'y' : 'ies'} found in OSV database`,
+      vulns,
+    })
+  }
+
+  return { pkg: pkgName, issues }
+}
+
+// Check multiple packages in parallel
+async function checkPackages(args, ecosystem = 'npm') {
+  const packageArgs = args.filter(isPackageName)
+  if (packageArgs.length === 0) return []
+  return Promise.all(packageArgs.map(a => checkPackage(a, ecosystem)))
+}
+
+module.exports = { checkPackages, parsePkgName, isPackageName }

package/src/index.js

@@ -0,0 +1,222 @@
+#!/usr/bin/env node
+'use strict'
+
+const { spawnSync } = require('child_process')
+const { checkPackages } = require('./check')
+const { setup, remove } = require('./setup')
+
+const MANAGERS = ['npm', 'npx', 'yarn', 'pnpm', 'pnpx', 'bun', 'bunx', 'pip', 'pip3', 'uv', 'poetry', 'pipx']
+
+// Ecosystem per manager — used for OSV API queries
+const ECOSYSTEMS = {
+  npm: 'npm', npx: 'npm', yarn: 'npm', pnpm: 'npm', pnpx: 'npm',
+  bun: 'npm', bunx: 'npm',
+  pip: 'PyPI', pip3: 'PyPI', uv: 'PyPI', poetry: 'PyPI', pipx: 'PyPI',
+}
+
+// Subcommands that trigger a package install (null = the command itself is the package)
+const INSTALL_SUBCMDS = {
+  npm:    ['install', 'i', 'add', 'ci'],
+  yarn:   ['add'],
+  pnpm:   ['add', 'install', 'i'],
+  npx:    null,
+  pnpx:   null,
+  bun:    ['add', 'install', 'i'],
+  bunx:   null,
+  pip:    ['install'],
+  pip3:   ['install'],
+  uv:     ['add', 'pip install'],  // handled specially below
+  poetry: ['add'],
+  pipx:   ['install', 'run'],
+}
+
+// ANSI colors
+const c = {
+  red:    s => `\x1b[31m${s}\x1b[0m`,
+  yellow: s => `\x1b[33m${s}\x1b[0m`,
+  green:  s => `\x1b[32m${s}\x1b[0m`,
+  bold:   s => `\x1b[1m${s}\x1b[0m`,
+  dim:    s => `\x1b[2m${s}\x1b[0m`,
+}
+
+function printHelp() {
+  console.log(`
+${c.bold('gatepost')} — secure your package installs
+
+${c.bold('Usage:')}
+  gatepost setup              Install shell aliases (run once)
+  gatepost remove             Remove shell aliases
+  gatepost check <pkg...>     Manually check packages
+  gatepost <manager> [args]   Run a package manager with protection
+
+${c.bold('Examples:')}
+  gatepost setup
+  gatepost npm install lodash
+  gatepost check express axios
+
+${c.bold('Supported managers:')}
+  npm, npx, yarn, pnpm, pnpx, bun, bunx
+  pip, pip3, uv, poetry, pipx
+
+After running ${c.bold('gatepost setup')}, your package managers are
+automatically protected — no need to type "gatepost" each time.
+`)
+}
+
+// Run the real package manager, stripping our shim dir from PATH to avoid recursion
+function passThrough(manager, args) {
+  const result = spawnSync(manager, args, {
+    stdio: 'inherit',
+    env: {
+      ...process.env,
+      // Remove ~/.gatepost from PATH if present (shim recursion guard)
+      PATH: (process.env.PATH || '').split(':')
+        .filter(p => !p.includes('.gatepost'))
+        .join(':'),
+    },
+  })
+  process.exit(result.status ?? 0)
+}
+
+// Extract package names from install args (skip flags and subcommand)
+function extractPackages(manager, args) {
+  // Single-package executors — first non-flag arg is the package
+  if (['npx', 'pnpx', 'bunx'].includes(manager)) {
+    const pkg = args.find(a => !a.startsWith('-'))
+    return pkg ? [pkg] : []
+  }
+
+  // uv has two install forms: `uv add pkg` and `uv pip install pkg`
+  if (manager === 'uv') {
+    const rest = args[0] === 'pip' ? args.slice(2) : args.slice(1)
+    return rest.filter(a => !a.startsWith('-')).map(stripPythonVersion)
+  }
+
+  // pip/pip3/poetry/pipx — skip subcommand, grab non-flag args
+  if (['pip', 'pip3', 'poetry', 'pipx'].includes(manager)) {
+    const rest = args.slice(1)
+    return rest.filter(a => !a.startsWith('-')).map(stripPythonVersion)
+  }
+
+  // npm/yarn/pnpm/bun — skip subcommand, grab non-flag args
+  const rest = args.slice(1)
+  return rest.filter(a => !a.startsWith('-'))
+}
+
+// Strip Python version specifiers: requests==2.28.0 -> requests, flask[async] -> flask
+function stripPythonVersion(arg) {
+  return arg.replace(/[=<>!~^].*/,'').replace(/\[.*\]/, '').trim()
+}
+
+async function runWrapped(manager, args) {
+  const installSubcmds = INSTALL_SUBCMDS[manager]
+  const subCmd = args[0]
+
+  // Not an install command — pass straight through
+  const isInstall = installSubcmds === null
+    ? true
+    : installSubcmds.includes(subCmd)
+
+  if (!isInstall) {
+    return passThrough(manager, args)
+  }
+
+  const pkgs = extractPackages(manager, args)
+
+  // No explicit packages — installing from lockfile, pass through
+  if (pkgs.length === 0) {
+    return passThrough(manager, args)
+  }
+
+  const ecosystem = ECOSYSTEMS[manager] || 'npm'
+  process.stderr.write(c.dim(`gatepost: checking ${pkgs.join(', ')}...\n`))
+
+  let results
+  try {
+    results = await checkPackages(pkgs, ecosystem)
+  } catch {
+    // Network failure — warn and proceed
+    process.stderr.write(c.yellow('gatepost: security check failed (network error), proceeding anyway\n'))
+    return passThrough(manager, args)
+  }
+
+  const blocked = results.filter(r => r.issues.some(i => i.severity === 'block'))
+  const warned  = results.filter(r => r.issues.some(i => i.severity === 'warn') && !blocked.find(b => b.pkg === r.pkg))
+
+  if (blocked.length > 0) {
+    console.error(c.red(c.bold('\ngatepost: install blocked\n')))
+    for (const r of blocked) {
+      for (const issue of r.issues) {
+        console.error(`  ${c.red('blocked')}  ${c.bold(r.pkg)}  ${issue.message}`)
+      }
+    }
+    console.error('')
+    process.exit(1)
+  }
+
+  if (warned.length > 0) {
+    console.error(c.yellow(c.bold('\ngatepost: warning\n')))
+    for (const r of warned) {
+      for (const issue of r.issues) {
+        console.error(`  ${c.yellow('warn')}  ${c.bold(r.pkg)}  ${issue.message}`)
+      }
+    }
+    console.error('')
+  }
+
+  passThrough(manager, args)
+}
+
+async function manualCheck(pkgs) {
+  if (pkgs.length === 0) {
+    console.error('Usage: gatepost check <package...>')
+    process.exit(1)
+  }
+
+  console.log(c.dim(`Checking ${pkgs.length} package(s) against blocklist, typosquatting, and OSV database...\n`))
+
+  const results = await checkPackages(pkgs)
+
+  let allClear = true
+  for (const r of results) {
+    if (r.issues.length === 0) {
+      console.log(`  ${c.green('ok')}      ${c.bold(r.pkg)}`)
+    } else {
+      allClear = false
+      for (const issue of r.issues) {
+        const label = issue.severity === 'block' ? c.red('blocked') : c.yellow('warn')
+        console.log(`  ${label}  ${c.bold(r.pkg)}  ${issue.message}`)
+      }
+    }
+  }
+
+  if (allClear) {
+    console.log(c.green('\nAll packages look clean.'))
+  }
+}
+
+// --- CLI router ---
+const args = process.argv.slice(2)
+const command = args[0]
+
+if (!command || command === '--help' || command === '-h') {
+  printHelp()
+} else if (command === 'setup') {
+  setup()
+} else if (command === 'remove' || command === 'uninstall') {
+  remove()
+} else if (command === 'check') {
+  manualCheck(args.slice(1)).catch(err => {
+    console.error('Error:', err.message)
+    process.exit(1)
+  })
+} else if (MANAGERS.includes(command)) {
+  runWrapped(command, args.slice(1)).catch(err => {
+    console.error('gatepost error:', err.message)
+    process.exit(1)
+  })
+} else {
+  console.error(`Unknown command: ${command}`)
+  printHelp()
+  process.exit(1)
+}

package/src/setup.js

@@ -0,0 +1,75 @@
+'use strict'
+
+const fs = require('fs')
+const path = require('path')
+const os = require('os')
+
+const MANAGERS = ['npm', 'npx', 'yarn', 'pnpm', 'pnpx', 'bun', 'bunx', 'pip', 'pip3', 'uv', 'poetry', 'pipx']
+const MARKER_START = '# gatepost-start'
+const MARKER_END = '# gatepost-end'
+
+function buildAliasBlock() {
+  const aliases = MANAGERS.map(m => `alias ${m}='gatepost ${m}'`).join('\n')
+  return `\n${MARKER_START}\n${aliases}\n${MARKER_END}\n`
+}
+
+function getShellConfigs() {
+  const home = os.homedir()
+  return [
+    path.join(home, '.zshrc'),
+    path.join(home, '.bashrc'),
+    path.join(home, '.bash_profile'),
+    path.join(home, '.profile'),
+  ].filter(f => fs.existsSync(f))
+}
+
+function setup() {
+  const block = buildAliasBlock()
+  const configs = getShellConfigs()
+
+  if (configs.length === 0) {
+    console.log('No shell config file found. Add these aliases manually:\n')
+    console.log(block)
+    return
+  }
+
+  let updated = 0
+  for (const config of configs) {
+    const contents = fs.readFileSync(config, 'utf8')
+    if (contents.includes(MARKER_START)) {
+      console.log(`  Already configured: ${config}`)
+      continue
+    }
+    fs.appendFileSync(config, block)
+    console.log(`  Updated: ${config}`)
+    updated++
+  }
+
+  if (updated > 0) {
+    console.log('\nGatepost is set up. Restart your terminal or run:')
+    console.log('  source ~/.zshrc\n')
+    console.log('After that, npm, npx, yarn, pnpm, and pnpx will be protected automatically.')
+  }
+}
+
+function remove() {
+  const configs = getShellConfigs()
+  const re = new RegExp(`\\n${MARKER_START}[\\s\\S]*?${MARKER_END}\\n`, 'g')
+
+  let removed = 0
+  for (const config of configs) {
+    const contents = fs.readFileSync(config, 'utf8')
+    if (!contents.includes(MARKER_START)) continue
+    fs.writeFileSync(config, contents.replace(re, '\n'))
+    console.log(`  Removed aliases from: ${config}`)
+    removed++
+  }
+
+  if (removed === 0) {
+    console.log('No Gatepost aliases found to remove.')
+  } else {
+    console.log('\nGatepost removed. Restart your terminal to apply.')
+  }
+}
+
+module.exports = { setup, remove }

package/src/typosquat.js

@@ -0,0 +1,51 @@
+'use strict'
+
+// Top npm packages by download count — used for typosquatting detection.
+// If a package name is within edit distance 1-2 of one of these, it's flagged.
+const POPULAR_PACKAGES = [
+  'lodash', 'express', 'react', 'chalk', 'commander', 'axios', 'moment',
+  'webpack', 'babel', 'typescript', 'eslint', 'prettier', 'jest', 'mocha',
+  'dotenv', 'mongoose', 'sequelize', 'socket.io', 'nodemailer', 'passport',
+  'bcrypt', 'jsonwebtoken', 'cors', 'helmet', 'morgan', 'body-parser',
+  'uuid', 'underscore', 'async', 'request', 'superagent', 'got', 'node-fetch',
+  'inquirer', 'yargs', 'minimist', 'glob', 'rimraf', 'mkdirp', 'fs-extra',
+  'path', 'events', 'stream', 'buffer', 'util', 'crypto', 'http', 'https',
+  'vue', 'angular', 'svelte', 'next', 'nuxt', 'gatsby',
+  'react-dom', 'react-router', 'redux', 'mobx', 'zustand',
+  'vite', 'rollup', 'parcel', 'esbuild',
+  'prettier', 'husky', 'lint-staged',
+  'prisma', 'typeorm', 'knex', 'redis', 'ioredis',
+  'sharp', 'jimp', 'multer', 'formidable',
+  'ws', 'uws', 'fastify', 'koa', 'hapi', 'restify',
+  'pm2', 'nodemon', 'concurrently',
+  'cheerio', 'puppeteer', 'playwright',
+  'aws-sdk', 'firebase', 'supabase',
+  'tailwindcss', 'postcss', 'autoprefixer',
+  'zod', 'joi', 'yup', 'ajv',
+  'date-fns', 'luxon', 'dayjs',
+  'ramda', 'immer', 'immutable',
+  'rxjs', 'bluebird', 'p-limit',
+  'semver', 'acorn', 'terser',
+]
+
+// Top PyPI packages by download count
+const POPULAR_PYTHON_PACKAGES = [
+  'requests', 'numpy', 'pandas', 'flask', 'django', 'fastapi', 'sqlalchemy',
+  'pytest', 'boto3', 'pydantic', 'celery', 'redis', 'pillow', 'scipy',
+  'matplotlib', 'tensorflow', 'torch', 'scikit-learn', 'transformers',
+  'cryptography', 'paramiko', 'fabric', 'ansible', 'click', 'typer',
+  'httpx', 'aiohttp', 'uvicorn', 'gunicorn', 'starlette', 'fastapi',
+  'alembic', 'marshmallow', 'attrs', 'pyyaml', 'toml', 'dotenv',
+  'python-dotenv', 'rich', 'loguru', 'arrow', 'pendulum', 'dateutil',
+  'six', 'packaging', 'setuptools', 'wheel', 'pip', 'virtualenv',
+  'black', 'mypy', 'flake8', 'pylint', 'isort', 'bandit',
+  'docker', 'kubernetes', 'google-cloud', 'azure', 'openai', 'anthropic',
+  'langchain', 'opentelemetry', 'prometheus-client', 'psutil',
+  'psycopg2', 'pymongo', 'motor', 'elasticsearch', 'stripe',
+  'twilio', 'sendgrid', 'jinja2', 'werkzeug', 'itsdangerous',
+  'lxml', 'beautifulsoup4', 'selenium', 'playwright', 'scrapy',
+  'PyJWT', 'bcrypt', 'passlib', 'authlib',
+  'tqdm', 'tabulate', 'openpyxl', 'xlrd',
+]
+
+module.exports = { POPULAR_PACKAGES, POPULAR_PYTHON_PACKAGES }