Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.

NoteBad++ - PowerShell IOC scanner for the Notepad++ supply chain attack (Chrysalis/Lotus Blossom APT)

🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting

Educational demo showing how a trusted remote PowerShell script can be silently swapped when served from a mutable source URL. The import tutorial at wuwatracker.com does NOT do this and uses hashed URLs instead to prevent this attack.

IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) — Lotus Blossom APT, June–December 2025. Includes Falcon LogScale queries, YARA/Sigma rules, and MITRE ATT&CK mapping.

A new class of npm attack vector that bypasses all static security scanners by injecting instructions into AI agents via package stdout. 💬 Discussions welcome — open an issue