Free · Open Source · AGPL-3.0

Recorded
before it happened.

A free, public archive of the software supply chain. Every captured version SHA-384 fingerprinted, permanently archived, and independently verifiable — before any attack is disclosed. Every npm publish monitored in real time. Growing coverage across 8 ecosystems.

—

Snapshots

—

Packages

—

On-Demand Captures

Ecosystems

Cost

npm npm Registry npmjs.com ↗ PyPI Python pypi.org ↗ Cargo Rust crates.io ↗ GitHub Repos github.com ↗ NuGet .NET nuget.org ↗ Maven Java maven.org ↗ Ruby RubyGems rubygems.org ↗ PHP Packagist packagist.org ↗

🔒 How retention works: Every captured manifest is written to the permanent GitHub archive The live database is then pruned periodically, keeping the 3 most recent versions per package plus any flagged/threat-alert records always. Rows that have never been archived (no manifest path) are also never deleted. Older unflagged records are removed from the live index only — their manifests remain in the GitHub archive and are still fully verifiable at prechained.com/verify.

Live capture waterfall

● live

Package

Fingerprint

Ecosystem

Captured

Loading feed...

0 shown · — total ● live stats · archive updated every 10 minutes

No login. No signup. No upload. Every package Prechained captures is SHA-384 fingerprinted at the moment of capture and permanently archived to GitHub. When an attack is disclosed, the pre-incident receipt already exists — proof of what the package contained before anything changed.

Free forever

AGPL-3.0

npm real-time monitoring

Manifests archived to GitHub

Independently verifiable

Pre-incident receipts

Recordedbefore it happened.

Recorded
before it happened.