Perplexity dropped Bumblebee this week, a Go binary that scans developer machines for supply-chain compromise without ever executing the packages it audits. The design point is in the name: read-only. It never runs `npm install`, never triggers lifecycle hooks, never invokes pnpm, bun, pip, go mod download. It opens lockfiles, reads metadata, parses extension manifests and MCP configuration files. That's it. For builders who've watched scanner tooling itself get weaponised against the projects it's meant to protect, this is the architectural move that matters.

The build: Go 1.25, zero non-stdlib dependencies, single-binary install via `go install github.com/perplexityai/bumblebee/cmd/bumblebee@latest`. Apache 2.0, currently v0.1.1. Coverage spans npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems and Composer for package ecosystems; VS Code, Cursor, Windsurf, VSCodium, Chrome and Firefox for editor and browser extensions; and MCP config files. Perplexity cites recent campaigns against TanStack, SAP and Zapier as the threat model. No process monitoring, no network telemetry, no daemon: the tool exits when it's done reading.

The gap Bumblebee fills is not one SBOMs cover. SBOMs describe deployed artifacts; Snyk and Socket scan dependency graphs at install time; EDR watches running processes. None of them look at *local developer state*: the IDE extension running with the developer's full filesystem privilege, the MCP config that points an agent at a poisoned tool server, the lockfile that resolved to a typosquat last Tuesday and is now sitting quietly in `node_modules`. That surface has exploded with the agent stack. Cursor extensions, Windsurf plugins, the dozens of MCP servers builders are loading into Claude Desktop and Claude Code: each one is code with full local privilege that almost nobody is auditing. Bumblebee treats that surface as first-class.
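What "read-only" means in practice, as an added example that is not Bumblebee's code and borrows nothing from its internals: a Go program that treats a `package-lock.json` and an MCP client config purely as JSON, never invoking npm or the configured launcher, and reports what it sees. The lockfile shape is npm's lockfileVersion 2/3 `packages` map; the MCP shape is the `mcpServers` block Claude Desktop and Cursor read. The registry allowlist, the list of fetch-and-run launchers, the version-pinning heuristic, the `lib-*` packages and the `@example/fs-server` server are all assumptions constructed for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"path/filepath"
	"sort"
	"strings"
)

// Finding is one observation produced purely by reading a file; nothing is executed.
type Finding struct{ Source, Item, Reason string }
// Only the fields we inspect. encoding/json matches keys case-insensitively, so "resolved" and "mcpServers" bind without tags.
type npmLock struct { // package-lock.json, lockfileVersion 2 or 3
	Packages map[string]struct{ Resolved, Integrity string }
}
type mcpConfig struct { // Claude Desktop / Cursor mcp.json; command+args launch a local stdio server
	MCPServers map[string]struct {
		Command string
		Args    []string
	}
}
// Policy for this example (assumed here, not taken from any real tool).
var (
	trustedRegistries = map[string]bool{"registry.npmjs.org": true}
	fetchAndRun       = map[string]bool{"npx": true, "bunx": true, "uvx": true, "pipx": true}
)

// auditNpmLock flags tarballs resolved outside the trusted registry and entries without a sha512 hash. JSON only: no install, no hooks.
func auditNpmLock(data []byte) ([]Finding, error) {
	var lock npmLock
	if err := json.Unmarshal(data, &lock); err != nil {
		return nil, fmt.Errorf("package-lock.json: %w", err)
	}
	var out []Finding
	for p, e := range lock.Packages {
		if p == "" || e.Resolved == "" {
			continue // root project entry, or a workspace link with no tarball
		}
		name := strings.TrimPrefix(p, "node_modules/") // nested deps keep their a/node_modules/b path
		if u, err := url.Parse(e.Resolved); err != nil || u.Scheme != "https" || !trustedRegistries[u.Host] {
			out = append(out, Finding{"package-lock.json", name, "resolved outside trusted registry: " + e.Resolved})
		}
		if !strings.HasPrefix(e.Integrity, "sha512-") {
			out = append(out, Finding{"package-lock.json", name, "missing or non-sha512 integrity"})
		}
	}
	return sorted(out), nil
}

// auditMCPConfig flags servers whose launcher fetches and runs a registry package on every client start without a pinned version.
func auditMCPConfig(data []byte) ([]Finding, error) {
	var cfg mcpConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, fmt.Errorf("mcp config: %w", err)
	}
	var out []Finding
	for name, s := range cfg.MCPServers {
		pkg := firstPositional(s.Args)
		// npm pins look like name@1.2.3 or @scope/name@1.2.3; PyPI pins use name==1.2.3.
		pinned := strings.Contains(strings.TrimPrefix(pkg, "@"), "@") || strings.Contains(pkg, "==")
		if fetchAndRun[filepath.Base(s.Command)] && !pinned {
			out = append(out, Finding{"mcp.json", name, s.Command + " runs unpinned package " + pkg})
		}
	}
	return sorted(out), nil
}

// firstPositional returns the first non-flag argument (flags taking a separate value, e.g. uvx --from X, are not modelled).
func firstPositional(args []string) string {
	for _, a := range args {
		if !strings.HasPrefix(a, "-") {
			return a
		}
	}
	return ""
}
// sorted makes output deterministic despite Go's randomised map iteration order.
func sorted(f []Finding) []Finding {
	sort.Slice(f, func(i, j int) bool { return f[i].Item+f[i].Reason < f[j].Item+f[j].Reason })
	return f
}

// Constructed sample files for the demo; every package and server name is invented.
const sampleLock = `{"lockfileVersion": 3, "packages": {
  "": {"name": "demo"},
  "node_modules/lib-a": {"resolved": "https://registry.npmjs.org/lib-a/-/lib-a-1.0.0.tgz", "integrity": "sha512-AAAA"},
  "node_modules/lib-b": {"resolved": "https://mirror.example.internal/lib-b-2.0.0.tgz", "integrity": "sha512-BBBB"},
  "node_modules/lib-c": {"resolved": "https://registry.npmjs.org/lib-c/-/lib-c-0.1.0.tgz"}}}`
const sampleMCP = `{"mcpServers": {
  "filesystem": {"command": "npx", "args": ["-y", "@example/fs-server"]},
  "pinned":     {"command": "npx", "args": ["-y", "@example/fs-server@1.4.2"]}}}`

func main() {
	lf, _ := auditNpmLock([]byte(sampleLock)) // inputs are the constants above; errors dropped for brevity
	mf, _ := auditMCPConfig([]byte(sampleMCP))
	for _, f := range append(lf, mf...) {
		fmt.Printf("%-18s %-11s %s\n", f.Source, f.Item, f.Reason)
	}
}
```

Two things worth noting about the output. The `lib-b` finding is an observation, not a verdict: a private mirror is legitimate, but a lockfile rewritten to point at an attacker-controlled tarball has exactly the same shape, so a read-only tool should surface it and let a human decide. And `npx -y @example/fs-server` is flagged because the unpinned spec lets the launcher pick up whatever version the registry serves at the next client start, which is how a registry-side compromise lands on a developer machine without anyone running an install.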

Monday morning: if you ship code from a machine that also runs Cursor, Windsurf, VS Code or any MCP-loading client, `go install github.com/perplexityai/bumblebee/cmd/bumblebee@latest` and run it (or pin the tagged release, `@v0.1.1` at time of writing, instead of `@latest`; that is the same hygiene the tool is preaching). Single binary, no telemetry, no install scripts. The IDE-extension and MCP-config coverage is the differentiator: your existing `npm audit` or Snyk scan was never going to catch a poisoned Cursor extension or an MCP config rewiring your agent's tool surface.