Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.

NoteBad++ - PowerShell IOC scanner for the Notepad++ supply chain attack (Chrysalis/Lotus Blossom APT)

🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting

Educational demo showing how a trusted remote PowerShell script can be silently swapped when served from a mutable source URL. The import tutorial at wuwatracker.com does NOT do this and uses hashed URLs instead to prevent this attack.

Research about a hypothetical 666 Black Hat group of hackers who control nearly everything like NSA!!!!!111eleven111911 (ps: this is only hypothetical! not real! lol!)

IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) — Lotus Blossom APT, June–December 2025. Includes Falcon LogScale queries, YARA/Sigma rules, and MITRE ATT&CK mapping.

Install-time package hardening for pip, npm, cargo, go, gem, and Docker. Docker-first isolation. Zero dependencies.

A new class of npm attack vector that bypasses all static security scanners by injecting instructions into AI agents via package stdout. 💬 Discussions welcome — open an issue

Package Firewall — self-hosted supply chain security for macOS. Intercepts npm/pip/cargo/yarn in ALL shells including AI agents. 4 vuln sources (OSV + GHSA + deps.dev + CISA KEV). Zero telemetry.