Perplexity has launched Bumblebee, an open-source security utility written in Go that is designed to safeguard the local environments of software engineers. Originally developed for internal use, the tool addresses software supply chain risk by identifying malicious packages and extensions already present on developer machines. It covers four vectors: language package managers, AI tool configurations, browser extensions, and code editor plugins, and it supports both macOS and Linux.
Unlike traditional scanners that may inadvertently trigger an infection by invoking the native package managers, Bumblebee uses a read-only metadata architecture. The tool never executes code or reads package source files; it parses manifest and lock files in isolation, so the scan itself cannot set off a payload. The parsed inventory is validated against deterministic JSON catalogs sourced from GitHub or from private enterprise repositories. This is a shift away from pipeline-focused security toward the earliest step in the development lifecycle: the developer's own machine.
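To make the read-only approach concrete, here is an added Go example that is not Bumblebee's own code: it parses a constructed npm `package-lock.json` as plain JSON, without invoking npm or reading any installed source, and matches the resulting inventory against a constructed catalog. The catalog schema (package name to a list of malicious versions, `*` for all) is an assumption for this example; the page does not describe Bumblebee's actual catalog format.

```go
package main

import (
	"encoding/json"
	"sort"
	"strings"
)

// Constructed catalog (format assumed for this example, not Bumblebee's own):
// package name -> versions known malicious; "*" flags every version.
const catalogJSON = `{"evil-left-pad": ["*"], "sample-logger": ["2.0.1"]}`

// Constructed npm package-lock.json (lockfileVersion 3 "packages" map).
const lockJSON = `{"name": "demo", "lockfileVersion": 3, "packages": {
  "": {"name": "demo"},
  "node_modules/lodash": {"version": "4.17.21"},
  "node_modules/sample-logger": {"version": "2.0.0"},
  "node_modules/sample-logger/node_modules/evil-left-pad": {"version": "1.4.2"}}}`

// ScanLockfile parses the lockfile as plain JSON (npm is never invoked, no
// package source is read) and returns sorted "name@version" catalog hits.
func ScanLockfile(lockData, catalogData []byte) ([]string, error) {
	var lf struct {
		Packages map[string]struct{ Version string } // json matches "version" case-insensitively
	}
	if err := json.Unmarshal(lockData, &lf); err != nil {
		return nil, err
	}
	catalog := map[string][]string{}
	if err := json.Unmarshal(catalogData, &catalog); err != nil {
		return nil, err
	}
	var hits []string
	for path, pkg := range lf.Packages {
		// The name follows the last "node_modules/", so nested (transitive) installs resolve correctly.
		i := strings.LastIndex(path, "node_modules/")
		if i < 0 {
			continue // root project entry "" carries no version
		}
		name := path[i+len("node_modules/"):]
		for _, bad := range catalog[name] {
			if bad == "*" || bad == pkg.Version {
				hits = append(hits, name+"@"+pkg.Version)
				break
			}
		}
	}
	sort.Strings(hits) // map iteration is random; keep output deterministic
	return hits, nil
}
```

With the sample data, only the nested `evil-left-pad@1.4.2` is flagged; `sample-logger` is installed at 2.0.0 while the catalog lists 2.0.1, so version-specific entries do not produce false hits.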