Show HN: Lateos/NPM-scan – open-source NPM supply chain scanner, v0.18.3

lateos-ai · 1 point · 0 comments


@lateos/npm-scan 0.18.3 • Public • Published 8 minutes ago • 7 Dependencies • 0 Dependents • 62 Versions

Modern supply chain security for the npm ecosystem.
Static + behavioral analysis that catches what npm audit, Snyk, and Socket miss — obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation.

📌 The Problem

The 2025–2026 wave of npm supply chain attacks proved that traditional tooling is no longer enough.

Attackers have moved past simple typosquatting. They now ship obfuscated preinstall hooks, credential harvesters hidden behind environment detection, dormant backdoors with time-based activation, and worm-style transitive propagation that spreads through peer dependencies.

A growing attack vector is HuggingFace org impersonation — packages that masquerade as legitimate HF model repositories (e.g., 0penai/gpt2 instead of openai/gpt2) to trick users into downloading malicious model artifacts during CI/CD pipelines, often bundled with suspicious binaries (.exe, .dll) in model repos that deep-learning tools trust by default.

The Megalodon campaign (2026) alone compromised 5,500+ repositories via fake GitHub PRs, malicious workflow injection, and cloud credential exfiltration — all coordinated through a single actor automating the entire kill chain. @lateos/npm-scan now detects artifacts of this campaign out of the box.

The Mini Shai-Hulud worm campaign (May 2026) hit the npm ecosystem in three waves — TanStack CI/CD hijack (84 artifacts in 6 minutes), AntV/atool maintainer compromise (600+ malicious versions across 300+ packages), and Nx Console VS Code extension poisoning (CVE-2026-48027) — all using ctf-scramble-v2 obfuscation, daemonized persistence with CI environment checks, geographic killswitches targeting sanctioned regions, and GitHub C2 dead-drop channels for token recovery. @lateos/npm-scan now detects all 10 Mini Shai-Hulud signals across two detector suites.

The TrapDoor campaign (May 2026) spans npm, PyPI, and Crates.io — 34 malicious packages, 384+ versions attributed to a single publisher, targeting crypto, DeFi, Solana, and AI developers with Fernet + ECDH encrypted payloads, AI context poisoning via zero-width Unicode injection in .cursorrules/CLAUDE.md, and credential live-validation against AWS STS and GitHub API before exfiltration. @lateos/npm-scan now detects all 9 TrapDoor signals.

The node-ipc compromise (May 14, 2026) weaponized an expired maintainer email domain to hijack one of npm's most depended-upon packages (822K weekly downloads). Three malicious versions (9.1.6, 9.2.3, 12.0.1) delivered an 80KB credential stealer via DNS TXT tunneling — no HTTP, no postinstall hook, invisible to HTTP-layer firewalls. @lateos/npm-scan now detects all 11 node-ipc compromise signals.
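The behaviours listed above (install hooks, environment-gated and time-gated activation, and the node-ipc case of a credential stealer that uses DNS TXT lookups with no HTTP and no lifecycle script) can be turned into static signals. The following is an added example, not code from @lateos/npm-scan: a small weighted signal scanner over a package manifest and its entry-point source. Every pattern, weight, threshold and fixture is constructed for this illustration and is not the project's ruleset.

```javascript
// Added example, not code from @lateos/npm-scan: a small static signal scanner
// over a package manifest plus its entry-point source. Every pattern, weight and
// threshold below is a constructed heuristic, not the project's ruleset.

// Each signal names a behaviour from the campaigns above and a text test for it.
const SIGNALS = [
  { name: 'install-hook', weight: 2,
    test: ({ manifest }) => ['preinstall', 'install', 'postinstall']
      .some(k => manifest.scripts != null && k in manifest.scripts) },
  { name: 'ci-environment-check', weight: 2,
    test: ({ source }) => /process\.env\.(CI|GITHUB_ACTIONS|BUILD_ID|JENKINS_URL)\b/.test(source) },
  { name: 'time-based-gate', weight: 1,
    test: ({ source }) => /Date\.now\(\)\s*[<>]=?\s*\d+/.test(source) },
  { name: 'dns-txt-lookup', weight: 3,
    test: ({ source }) => /\bresolveTxt\s*\(/.test(source) },
  { name: 'base64-decode', weight: 1,
    test: ({ source }) => /Buffer\.from\([^)]*,\s*['"]base64['"]\s*\)/.test(source) },
  { name: 'dynamic-code', weight: 3,
    test: ({ source }) => /\beval\s*\(|new\s+Function\s*\(/.test(source) },
  { name: 'credential-file-reference', weight: 3,
    test: ({ source }) => /\.npmrc|\.aws\/credentials|\.git-credentials/.test(source) },
];

// Run every signal; the verdict depends on the weighted sum, not on whether an
// install hook exists, so a hook-less dependency can still land in 'review'.
function scanPackage(pkg) {
  const hits = SIGNALS.filter(s => s.test(pkg));
  const score = hits.reduce((n, s) => n + s.weight, 0);
  const verdict = score >= 6 ? 'review' : score >= 1 ? 'info' : 'clean';
  return { signals: hits.map(s => s.name), score, verdict };
}

// Constructed fixture: a benign library with one weak, explainable signal.
const BENIGN = {
  manifest: { name: 'cache-lib', version: '1.0.0' },
  source: "if (Date.now() > 1700000000000) rotateCache();\nmodule.exports = { rotateCache };",
};

// Constructed fixture carrying only the textual indicators described for the
// node-ipc case: a DNS TXT lookup, a base64 decode and a credential-file read,
// with no lifecycle script at all. It is never executed; it exists to be scanned.
const HOOKLESS = {
  manifest: { name: 'demo-dep', version: '1.2.3', main: 'index.js' },
  source: [
    "const dns = require('dns');",
    "const fs = require('fs');",
    "dns.resolveTxt('example.invalid', (err, records) => {",
    "  const blob = Buffer.from(records[0][0], 'base64');",
    "  const rc = fs.readFileSync(process.env.HOME + '/.npmrc', 'utf8');",
    "});",
  ].join('\n'),
};

console.log(JSON.stringify(scanPackage(BENIGN)));   // score 1, verdict "info"
console.log(JSON.stringify(scanPackage(HOOKLESS))); // score 7, verdict "review"
```

The point of the weighting is the second fixture: no preinstall hook and no HTTP call, yet the combination of a TXT lookup, a base64 decode and a credential-file path reaches the review threshold. Text patterns like these are easy to evade with obfuscation, which is why the README pairs them with AST-level and behavioural analysis.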

The Mass Typosquatting campaign (vpmdhaj) (May 2026) weaponized the vpmdhaj npm maintainer account to publish 14 typosquatted packages in a 4-hour window — targeting AWS/CI/CD environments with preinstall stagers (setup.mjs, stager.js), Bun runtime abuse, and cloud credential exfiltration (AWS IMDSv2, ECS task roles, Vault, GitHub tokens). @lateos/npm-scan now detects all 3 typosquatting campaign signals.
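Both the HuggingFace org impersonation above (0penai/gpt2 for openai/gpt2) and the mass typosquatting campaign rest on names that are a look-alike character or a single keystroke away from a trusted one. The following is an added example, not code from @lateos/npm-scan, of the name check a defender can run before a dependency or model repo is resolved: it folds confusable digits to the letters they imitate and computes an optimal-string-alignment edit distance against a trusted list. The trusted list and the confusable map are constructed for the demo.

```javascript
// Added example, not code from @lateos/npm-scan: flag a package or model-repo
// name that is a homoglyph swap or a single edit away from a trusted name
// (the "0penai/gpt2" and mass-typosquat patterns). The trusted list and the
// confusable map are constructed for this demo.

// Digits that are routinely swapped for look-alike letters (subset, constructed).
const CONFUSABLES = { '0': 'o', '1': 'l', '3': 'e', '4': 'a', '5': 's', '7': 't', '8': 'b' };

// Fold a name to a comparison "skeleton": lowercase, strip a leading '@',
// and map confusable digits to the letter they imitate.
function skeleton(name) {
  return name.toLowerCase().replace(/^@/, '').replace(/[0-9]/g, ch => CONFUSABLES[ch] || ch);
}

// Optimal-string-alignment distance: insert, delete, substitute, or swap two
// adjacent characters each cost 1, so "axois" is one edit from "axios".
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Classify a candidate name against the trusted list.
//   exact      - the name is itself a trusted name
//   suspicious - it collides with a trusted name after folding, or is 1 edit away
//   unknown    - no near-collision; nothing to say from the name alone
function checkName(candidate, trusted) {
  const cand = candidate.toLowerCase().replace(/^@/, '');
  const findings = [];
  for (const t of trusted) {
    const tn = t.toLowerCase().replace(/^@/, '');
    if (cand === tn) return { name: candidate, verdict: 'exact', findings: [] };
    if (skeleton(cand) === skeleton(tn)) {
      findings.push({ trusted: t, reason: 'homoglyph' });
    } else if (editDistance(cand, tn) <= 1) {
      findings.push({ trusted: t, reason: 'edit-distance-1' });
    }
  }
  return { name: candidate, verdict: findings.length ? 'suspicious' : 'unknown', findings };
}

// Constructed trusted list for the demo; a real deployment would load the
// orgs and packages a project actually depends on.
const TRUSTED = ['openai/gpt2', 'axios', 'lodash', 'express', 'node-ipc'];

for (const n of ['0penai/gpt2', 'openai/gpt2', 'axois', 'left-pad']) {
  console.log(JSON.stringify(checkName(n, TRUSTED)));
}
```

An "unknown" verdict is deliberately not "safe": the name check only catches collisions with names you already trust, so it belongs in front of the behavioural checks, not in place of them.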

The Axios Registry Poisoning campaign (May 2026) compromised the npm registry's axios package metadata to publish axios@1.14.1 and axios@0.30.4 with injected dependencies (plain-crypto-js) containing cross-platform RAT payloads with C2 callbacks, process injection, and system persistence. @lateos/npm-scan now detects all 3 axios poisoning signals.

Critical infrastructure vulnerabilities in the Python ecosystem are also in scope. The BadHost (CVE-2026-48710) vulnerability in Starlette

npm audit checks known CVEs. Snyk scans for vulnerabilities. Socket looks at package behavior. None of them were designed for the generation of attacks that emerged in 2025 — attacks that look benign until they reach production.

@lateos/npm-scan was built for this moment.

🔬 Why @lateos/npm-scan?

Capability comparison across npm audit, Snyk, Socket, and @lateos/npm-scan:

- Known CVE matching
- Static analysis
- Obfuscated payload detection
- AST-level heuristic analysis
- Runtime behavioral sandbox
- Conditional trigger detection (ATK-009)
- Sandbox evasion detection (ATK-010)
- Transitive worm propagation (ATK-011)
- Campaign detection (Megalodon CI/CD)
- Worm campaign detection (Mini Shai-Hulud Wave 1–3)
- HF model repo impersonation + README clone
- VS Code extension supply chain scan (--vsix)
- Python vulnerability detection (CVE-2026-48710 BadHost)
- Cross-ecosystem attack detection (TrapDoor)
- Expired-domain hijack detection (node-ipc)
- Malware obfuscation detection (ctf-scramble-v2)
- Mass typosquatting campaign (vpmdhaj maintainer)
- Registry poisoning detection (axios fake versions)
- Attack taxonomy (ATK series)
- SBOM output (CycloneDX + SPDX)
- SARIF v2.1 (GitHub Code Scanning)
- NIST 800-161 compliance reporting
- EU CRA...
