The Bottom Line
Entry price
Free plan available, paid tiers above
Biggest pro
Significantly enhances software supply chain security by preventing vulnerable package installations.
Biggest con
Requires an additional step in the package installation workflow, which might introduce a slight overhead.
TL;DR - Refuse
- Blocks vulnerable package installations across 21 ecosystems.
- Offers both hosted and self-hosted deployment options.
- Integrates with shell, CI/CD, and AI coding agents to prevent security risks.
What is Refuse?
Pros & Cons
Pros
- Significantly enhances software supply chain security by preventing vulnerable package installations.
- Supports a broad range of package managers and development environments.
- Offers flexible deployment options including a free self-hosted solution and a generous free hosted tier.
- Provides specific safe version suggestions when blocking vulnerable packages.
- Easy to install and integrate into existing workflows (shell, CI/CD, agents).
Cons
- Requires an additional step in the package installation workflow, which might introduce a slight overhead.
- The hosted Pro tier with higher scan limits is planned for future release.
Key Features
Pricing Plans
Pricing checked Jul 8, 2026
OSS / Self-host
$0 / forever
- Apache-2.0 CLI + server
- Unlimited scans
- All ecosystems
- REST API; MCP on roadmap
Hosted Free
$0 / forever
- 100,000 scans / 30 days
- Hosted MCP at mcp.refuse.dev
- All ecosystems
- 90-day request logs
Hosted Pro
$5 / month
- 5,000,000 scans / 30 days
- Everything in Hosted Free
- Email support
How Refuse's pricing compares
At $5/mo, Refuse is the most affordable of its 4 direct competitors.
Entry paid plan, monthly. Pricing checked Jul 8, 2026.
Reviews

Review Refuse, get a free AI guide
Share your experience and we will send you Improve Your Thinking Patterns Using ChatGPT, free.
Best Refuse Alternatives
Top alternatives based on features, pricing, and user needs.
Detect hardcoded secrets and exposed credentials in code and public repos
Secure your code, dependencies, containers, and IaC from dev to production
Static analysis for finding bugs
Secure your dependencies and ship with confidence.
Vulnerability scanner for container images
Discover vulnerabilities across a codebase with industry-leading semantic code analysis.
Still deciding?
Most buyers shortlist 2 or 3 tools before committing. Pull a side-by-side comparison or browse the full alternatives shortlist below.
Explore More
Refuse FAQ
How does Refuse intercept package installations?
What types of vulnerabilities does Refuse check for?
Can Refuse be used within CI/CD pipelines?
What is the difference between a 'scan' and a 'package' in Refuse's pricing model?
Does Refuse support private package registries or air-gapped environments?
How does Refuse handle cases where a package is blocked?
What are the infrastructure requirements for self-hosting Refuse?
docker run command. By default, it uses SQLite, but it can be configured for production setups as detailed in the self-host guide.Can Refuse be used with AI coding agents?
Source: refuse.dev