Perplexity Bumblebee: Read-Only Tool for Dev Supply Chain Checks on macOS/Linux
Bumblebee is a read-only tool for collecting metadata from developer environments on macOS and Linux. It identifies which developer machines have a specific package or extension installed, which is the question a supply-chain advisory raises first. The tool does not execute package managers and does not read source files; it reads the metadata already on disk (lockfiles, package-manager records, extension manifests) and emits it as structured output.
- Bumblebee collects package, extension, and developer-tool metadata from developer endpoints.
- It produces structured NDJSON records, one per discovered item, so that exposure checks against a known advisory (package name, extension identifier, version) can be run quickly across the fleet.
- The tool requires Go 1.25+ and has no dependencies outside the Go standard library.
Opening excerpt (first ~120 words):
Bumblebee is a read-only inventory collector for package, extension, and developer-tool metadata on macOS and Linux developer endpoints. It answers a narrow supply-chain response question: when an advisory names a package, extension, or version, which developer machines show a match in their on-disk metadata right now? SBOMs help answer what shipped, and EDR helps answer what ran or touched the network, but supply-chain response often needs a different view: messy local state across lockfiles, package-manager metadata, extension manifests, and supported developer-tool configs.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.
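The excerpt describes the mechanism in one sentence: read on-disk metadata without running anything, emit one structured record per item, and match those records against what an advisory names. The following Go program is an added example written for this page to make that flow concrete; it is not Bumblebee's code, and its record schema, the `ParseNpmLock`, `ParseExtensionManifest`, `ToNDJSON` and `Match` functions, the hostname, the file paths, the package names and the advisory are all assumptions constructed for illustration. It parses a small `package-lock.json` (lockfileVersion 3) and a VS Code extension `package.json` purely as data, which is what "no package manager execution" means in practice, and then does an exact-version advisory match.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"sort"
	"strings"
)

// Record is one NDJSON inventory line. This field set is an assumption made for
// the example; it is not Bumblebee's schema.
type Record struct {
	Host      string `json:"host"`
	Ecosystem string `json:"ecosystem"` // "npm" or "vscode"
	Name      string `json:"name"`
	Version   string `json:"version"`
	Source    string `json:"source"` // on-disk file the metadata was read from
}

// Advisory names an affected package in one ecosystem and its affected versions.
type Advisory struct {
	Ecosystem string
	Name      string
	Versions  []string
}

// Constructed sample inputs (fictional packages, not real data): a lockfileVersion-3
// subset and a VS Code extension manifest. Both are parsed as data; nothing runs.
const npmLock = `{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@acme/utils": {"version": "0.9.1"},
    "node_modules/acme-telemetry": {"version": "3.2.0"},
    "node_modules/acme-telemetry/node_modules/tiny-pad": {"version": "1.3.0"}
  }
}`

const extManifest = `{"publisher": "example", "name": "demo-ext", "version": "2.1.0"}`

// ParseNpmLock reads the "packages" map of a v3 lock file. The package name is the
// path after the last "node_modules/" segment, which keeps scopes ("@acme/utils")
// and resolves nested installs to the nested package rather than its parent.
func ParseNpmLock(host, path string, data []byte) ([]Record, error) {
	var lock struct {
		Packages map[string]struct {
			Version string `json:"version"`
		} `json:"packages"`
	}
	if err := json.Unmarshal(data, &lock); err != nil {
		return nil, fmt.Errorf("%s: %w", path, err)
	}
	var recs []Record
	for key, p := range lock.Packages {
		i := strings.LastIndex(key, "node_modules/")
		if i < 0 {
			continue // the "" key is the root project, not a dependency
		}
		recs = append(recs, Record{host, "npm", key[i+len("node_modules/"):], p.Version, path})
	}
	// Map iteration order is random; sort so the NDJSON output is stable across runs.
	sort.Slice(recs, func(a, b int) bool { return recs[a].Name < recs[b].Name })
	return recs, nil
}

// ParseExtensionManifest reads an extension's package.json and reports it as
// publisher.name, the identifier form extension advisories typically use.
func ParseExtensionManifest(host, path string, data []byte) (Record, error) {
	var m struct{ Publisher, Name, Version string }
	if err := json.Unmarshal(data, &m); err != nil {
		return Record{}, fmt.Errorf("%s: %w", path, err)
	}
	return Record{host, "vscode", m.Publisher + "." + m.Name, m.Version, path}, nil
}

// ToNDJSON renders records one JSON object per line (Marshal cannot fail on
// a struct of plain strings, so the error is dropped).
func ToNDJSON(recs []Record) string {
	var sb strings.Builder
	for _, r := range recs {
		b, _ := json.Marshal(r)
		sb.Write(b)
		sb.WriteByte('\n')
	}
	return sb.String()
}

// Match returns records whose ecosystem, name and exact version appear in the
// advisory. Exact matching gives no false positives but cannot express "<= x.y.z"
// ranges; those need a semver comparison that this example does not include.
func Match(recs []Record, adv Advisory) []Record {
	affected := map[string]bool{}
	for _, v := range adv.Versions {
		affected[v] = true
	}
	var hits []Record
	for _, r := range recs {
		if r.Ecosystem == adv.Ecosystem && r.Name == adv.Name && affected[r.Version] {
			hits = append(hits, r)
		}
	}
	return hits
}

func main() {
	host := "dev-laptop-01" // hypothetical hostname
	recs, err := ParseNpmLock(host, "/home/dev/demo-app/package-lock.json", []byte(npmLock))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	ext, err := ParseExtensionManifest(host, "/home/dev/.vscode/extensions/example.demo-ext-2.1.0/package.json", []byte(extManifest))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	recs = append(recs, ext)
	fmt.Print(ToNDJSON(recs))
	// Hypothetical advisory naming the fictional acme-telemetry 3.2.0 as affected.
	for _, h := range Match(recs, Advisory{"npm", "acme-telemetry", []string{"3.2.0"}}) {
		fmt.Printf("MATCH %s %s@%s (%s)\n", h.Host, h.Name, h.Version, h.Source)
	}
}
```

The point of keeping the parsers as pure data readers is that the collector can be run on a machine that may already be compromised without invoking the very package manager or extension host an attacker might have tampered with; the trade-off, visible in `Match`, is that on-disk metadata only supports what the metadata states, so version ranges and vendored or globally installed copies still need their own handling.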