Research about a hypothetical 666 Black Hat group of hackers who control nearly everything like NSA!!!!!111eleven111911 (ps: this is only hypothetical! not real! lol!)
Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.
NoteBad++ - PowerShell IOC scanner for the Notepad++ supply chain attack (Chrysalis/Lotus Blossom APT)
🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting
Educational demo showing how a trusted remote PowerShell script can be silently swapped when served from a mutable source URL. The import tutorial at wuwatracker.com does NOT do this and uses hashed URLs instead to prevent this attack.
Detection rules for the Claude Code source leak : 16 Sigma rules, Splunk, Elastic, YARA. Lab-validated on GOAD Light DC02.
Detection, prevention, and response toolkit for the axios npm supply chain attack (2026-03-31). IOC scanner, credential rotation guide, Claude Code hookify rules, and resolution monitor.
Detect IOCs from PyPI & npm supply chain attacks. TOML threat profiles, user-extensible, blast radius mapping. Built-in: LiteLLM (TeamPCP) + Axios.
Install-time package hardening for pip, npm, cargo, go, gem, and Docker. Docker-first isolation. Zero dependencies.
IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) — Lotus Blossom APT, June–December 2025. Includes Falcon LogScale queries, YARA/Sigma rules, and MITRE ATT&CK mapping.
Package Firewall — self-hosted supply chain security for macOS. Intercepts npm/pip/cargo/yarn in ALL shells including AI agents. 4 vuln sources (OSV + GHSA + deps.dev + CISA KEV). Zero telemetry.
jQuery AJAX / Fetch / Axios / ky / ofetch 五種 HTTP 工具並排對比 demo + 文章
A new class of npm attack vector that bypasses all static security scanners by injecting instructions into AI agents via package stdout. 💬 Discussions welcome — open an issue
Add a description, image, and links to the supply-chain-attack topic page so that developers can more easily learn about it.
To associate your repository with the supply-chain-attack topic, visit your repo's landing page and select "manage topics."