brandguard 🛡️

Brand impersonation & typosquat monitor for AI agents and brand owners.

Feed brandguard a brand or product name and it scans npm, PyPI and GitHub for packages and repos that typosquat or impersonate you — each risk-scored — plus a ready-to-review takedown / trademark-notice draft.

brandguard reports from public sources. It does not file claims on anyone's behalf and is not a law firm or your agent. The takedown notice is a draft for the rights-holder to review, complete and file themselves.

Live: https://brandguard.djrorrok.workers.dev

Why an agent can't do this alone (the moat)

An LLM coding/brand agent, on its own, doesn't know:

• the typosquat surface of a name (omissions, doubling, homoglyphs o→0 l→1, deceptive -js/-sdk/-official affixes);

• which listings across three registries actually exist right now;

• how to separate the real brand / legit integrations (own npm scope, high adoption, third-party org scopes like @types/*) from parked squats — without crying wolf.

brandguard does the cross-registry lookups and the calibrated scoring so the verdict is trustworthy: LIKELY_ABUSE is only raised with a signal beyond the name match (a "this is the official X" claim, or a parked-squat download pattern). Bare name matches are SUSPECT → human review, never a false accusation.

Related MCP server: DepShield MCP

Use it

Free HTTP API

GET /scan?brand=acme&official=acme-inc        # top 5 findings, risk-scored (npm + PyPI)

MCP (over HTTP)

POST /mcp — tools: scan_brand, draft_takedown.

Pay-per-call (x402) — full scan + takedown drafts

GET /pro/scan?brand=acme&official=acme-inc    # 402 -> pay $0.15 USDC (Base) -> full report + drafts

Settles in USDC on Base via x402. No sign-up, no API key.

Sources (all public / ToS-compliant)

• npm public registry search + downloads API

• PyPI JSON API

• GitHub Search API (server-side token)

Develop / deploy

node src/test.mjs            # unit + live tests
npx wrangler deploy          # Cloudflare Worker

MIT. Not legal advice.