Research about a hypothetical 666 Black Hat group of hackers who control nearly everything like NSA!!!!!111eleven111911 (ps: this is only hypothetical! not real! lol!)
Updated Mar 26, 2026 - Python
Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.
NoteBad++ - PowerShell IOC scanner for the Notepad++ supply chain attack (Chrysalis/Lotus Blossom APT)
Detection rules for the Claude Code source leak: 16 Sigma rules, Splunk, Elastic, YARA. Lab-validated on GOAD Light DC02.
🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting
Educational demo showing how a trusted remote PowerShell script can be silently swapped when served from a mutable source URL. The import tutorial at wuwatracker.com does NOT do this and uses hashed URLs instead to prevent this attack.
Detection, prevention, and response toolkit for the axios npm supply chain attack (2026-03-31). IOC scanner, credential rotation guide, Claude Code hookify rules, and resolution monitor.
Detect IOCs from PyPI & npm supply chain attacks. TOML threat profiles, user-extensible, blast radius mapping. Built-in: LiteLLM (TeamPCP) + Axios.
Install-time package hardening for pip, npm, cargo, go, gem, and Docker. Docker-first isolation. Zero dependencies.
IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) — Lotus Blossom APT, June–December 2025. Includes Falcon LogScale queries, YARA/Sigma rules, and MITRE ATT&CK mapping.
A new class of npm attack vector that bypasses all static security scanners by injecting instructions into AI agents via package stdout. 💬 Discussions welcome — open an issue
Package Firewall — self-hosted supply chain security for macOS. Intercepts npm/pip/cargo/yarn in ALL shells including AI agents. 4 vuln sources (OSV + GHSA + deps.dev + CISA KEV). Zero telemetry.
jQuery AJAX / Fetch / Axios / ky / ofetch: side-by-side comparison demo of five HTTP tools, plus an article