Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.
Updated Dec 2, 2025 - JavaScript
Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.
🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting
An Azure DevOps scanner pipeline template for detecting the SHAI-HULUD worm
Detect CVE-2025-54313 eslint-config-prettier supply chain attack IOCs on Windows
Repogate.io VS Code Extension
npm supply chain attack scanner. Detects nx/Singularity, debug/chalk, DuckDB, Shai-Hulud malware, exfiltration endpoints, and suspicious install scripts.