brandguard 🛡️
Brand impersonation & typosquat monitor for AI agents and brand owners.
Feed brandguard a brand or product name and it scans npm, PyPI and GitHub for packages and repos that typosquat or impersonate you — each risk-scored — plus a ready-to-review takedown / trademark-notice draft.
brandguard reports from public sources. It does not file claims on anyone's behalf and is not a law firm or your agent. The takedown notice is a draft for the rights-holder to review, complete and file themselves.
Live: https://brandguard.djrorrok.workers.dev
Why an agent can't do this alone (the moat)
An LLM coding/brand agent, on its own, doesn't know:
- the typosquat surface of a name (omissions, doubling, homoglyphs o→0 l→1, deceptive -js / -sdk / -official affixes);
- which listings across three registries actually exist right now;
- how to separate the real brand / legit integrations (own npm scope, high adoption, third-party org scopes like @types/*) from parked squats — without crying wolf.
brandguard does the cross-registry lookups and the calibrated scoring so the verdict is trustworthy: LIKELY_ABUSE is only raised with a signal beyond the name match (a "this is the official X" claim, or a parked-squat download pattern). Bare name matches are SUSPECT → human review, never a false accusation.
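The typosquat surface and the two-signal rule described above, sketched as an added example (not brandguard's own code). The LEGIT and NO_MATCH labels, the listing fields claimsOfficial, parkedPattern and highAdoption, and the reading of `official` as the brand's own npm scope are assumptions.

```javascript
// Added example, not brandguard's source. LEGIT / NO_MATCH and the listing
// fields (claimsOfficial, parkedPattern, highAdoption) are assumed names.
const HOMOGLYPHS = { o: "0", l: "1" };         // substitutions named above
const AFFIXES = ["-js", "-sdk", "-official"];  // deceptive affixes named above
const TRUSTED_SCOPES = new Set(["types"]);     // third-party org scopes, e.g. @types/*

// Every look-alike of `brand` by omission, doubling, homoglyph or affix.
function typosquatSurface(brand) {
  const b = brand.toLowerCase();
  const out = new Set();
  for (let i = 0; i < b.length; i++) {
    out.add(b.slice(0, i) + b.slice(i + 1));             // omission
    out.add(b.slice(0, i + 1) + b.slice(i));             // doubling
    const g = HOMOGLYPHS[b[i]];
    if (g) out.add(b.slice(0, i) + g + b.slice(i + 1));  // homoglyph
  }
  for (const a of AFFIXES) out.add(b + a);
  out.delete(b);   // the brand itself is not a squat
  out.delete("");  // one-letter brands would otherwise yield an empty name
  return out;
}

// Calibrated verdict: a bare name match is SUSPECT; LIKELY_ABUSE needs a second signal.
function verdict(brand, official, listing) {
  const full = listing.name.toLowerCase();
  const m = /^@([^/]+)\/(.+)$/.exec(full);  // npm scoped name: @scope/pkg
  const scope = m ? m[1] : null;
  const bare = m ? m[2] : full;
  if (scope === official.toLowerCase() || TRUSTED_SCOPES.has(scope) || listing.highAdoption) return "LEGIT";
  if (!typosquatSurface(brand).has(bare)) return "NO_MATCH";
  return listing.claimsOfficial || listing.parkedPattern ? "LIKELY_ABUSE" : "SUSPECT";
}

// Constructed sample listings (not real packages).
const SAMPLE = [
  { name: "@acme-inc/acme" },
  { name: "@types/acme" },
  { name: "acme-sdk" },
  { name: "accme", claimsOfficial: true },
  { name: "acm", parkedPattern: true },
  { name: "leftpad-utils" },
];
const report = SAMPLE.map((l) => [l.name, verdict("acme", "acme-inc", l)]);
console.log(report);
```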
Use it
Free HTTP API
GET /scan?brand=acme&official=acme-inc # top 5 findings, risk-scored (npm + PyPI)
MCP (over HTTP)
POST /mcp — tools: scan_brand, draft_takedown.
Pay-per-call (x402) — full scan + takedown drafts
GET /pro/scan?brand=acme&official=acme-inc # 402 -> pay $0.15 USDC (Base) -> full report + drafts
Settles in USDC on Base via x402. No sign-up, no API key.
Sources (all public / ToS-compliant)
- npm public registry search + downloads API
- PyPI JSON API
- GitHub Search API (server-side token)
Develop / deploy
node src/test.mjs # unit + live tests
npx wrangler deploy # Cloudflare Worker
MIT. Not legal advice.






