Is this package compromised?
Track malicious releases, account takeovers, typosquatting, dependency confusion, and worms.
Active issues (7d)
Incidents (90d)
Volume by ecosystem (30d)
Reported packages
| Package | Ecosystem | Status | Attack Type | | |
|---|---|---|---|---|---|
| @cap-js/sqlite | npm | Compromised | Worm | 1 | 9d ago |
| @cap-js/db-service | npm | Compromised | Worm | 1 | 9d ago |
| @cap-js/postgres | npm | Compromised | Worm | 1 | 9d ago |
| @beproduct/nestjs-auth | npm | Compromised | Script abuse | 1 | 10d ago |
| guardrails-ai | pypi | Compromised | Malicious version | 1 | 10d ago |
| @opensearch-project/opensearch | npm | Compromised | Malicious version | 1 | 10d ago |
| @mistralai/mistralai-azure | npm | Compromised | Worm | 1 | 11d ago |
| @mistralai/mistralai | npm | Compromised | Worm | 1 | 11d ago |
| @mistralai/mistralai-gcp | npm | Compromised | Worm | 1 | 11d ago |
| mistralai | pypi | Compromised | Malicious version | 1 | 11d ago |
| @tanstack/router-plugin | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/react-router-ssr-query | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/arktype-adapter | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/react-router-devtools | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/eslint-plugin-router | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/react-start-rsc | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/router-ssr-query-core | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/eslint-plugin-start | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/history | npm | Compromised | Malicious version | 1 | 17d ago |
| @tanstack/react-start | npm | Compromised | Malicious version | 1 | 17d ago |
Live feed
Laravel Lang Supply Chain Advisory
Advisory 6d ago
Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT
Incident 8d ago
The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
Incident 9d ago
Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target
Research 10d ago
Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
Incident 10d ago
Malicious node-ipc versions published to npm in suspected maintainer account compromise
Incident 14d ago
How to Build a Software Supply Chain Security Playbook
Policy 16d ago
The Evolution of Open Source Malware: From Volume to Trust Abuse
Research 24d ago
The Mythos AI Vulnerability Storm: What to Do Next
Research 28d ago
Malicious PyTorch Lightning Packages Found on PyPI
Incident 28d ago
lightning PyPI Compromise: A Bun-Based Credential Stealer in Python
Incident 29d ago
"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages
Incident 30d ago
Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
Incident 31d ago
The Time Is Now to Prepare for CRA Enforcement
Policy 37d ago
Mythos and the AI Vulnerability Storm: Exploring the Control Point
Research 43d ago
Why Software Supply Chain Security Requires a New Playbook
Advisory 44d ago