Thumper is an open-source tripwire for the Shai-Hulud npm worm. Plant fake-but-realistic credentials where the worm scans - the instant one is read, you know the box might be breached. Free and built in the open by Jesta.
Full analysis of the LiteLLM supply chain attack (March 24, 2026). Real compromised packages, decoded 3-stage malware, hands-on EC2 detonation lab with mitmproxy captures, and complete IOCs.
Research about a hypothetical 666 Black Hat group of hackers who control nearly everything like NSA!!!!!111eleven111911 (ps: this is only hypothetical! not real! lol!)
Dossiers of developer-targeted malware campaigns delivered via fake-recruiter pitches. Each case has a master analysis plus copy-paste-ready artifacts for would-be victims, abuse desks, detection engineers, and researchers.
Educational demo showing how a trusted remote PowerShell script can be silently swapped when served from a mutable source URL. The import tutorial at wuwatracker.com does NOT do this and uses hashed URLs instead to prevent this attack.
Detection, prevention, and response toolkit for the axios npm supply chain attack (2026-03-31). IOC scanner, credential rotation guide, Claude Code hookify rules, and resolution monitor.
A JavaScript supply-chain attack does not need to wait for your code path. It can arrive in a package version, a lifecycle script, a cache entry, or a developer tool that runs with more authority than the app it helps build.
Lightweight AI security guard for install/download commands - blocks malicious npm/pip/cargo packages before they install. Zero overhead, <1s check. Built from a real supply chain attack experience.
Scan a directory tree for npm packages compromised in a supply-chain incident, given a CSV of affected packages. Great for detecting Shai-Hulud worm infestation.
Package Firewall — self-hosted supply chain security for macOS. Intercepts npm/pip/cargo/yarn in ALL shells including AI agents. 4 vuln sources (OSV + GHSA + deps.dev + CISA KEV). Zero telemetry.