oops.zone

Supply
Chain
Scanner

Open-source multi-ecosystem scanner. Detects compromised packages, malware artifacts, and C2 connections across your entire dependency tree.

25
Threats
7
Ecosystems
5
Methods
Repository Contribute

Threat Database

25 Active
PyPI2026
TeamPCP
LiteLLM + Telnyx. K8s lateral movement, systemd backdoor, cascading CI/CD
Go2026
Fake x/crypto
Rekoobe backdoor deploys via typosquatted golang.org/x/crypto
npm2025
Shai-Hulud
Self-replicating worm. 1000+ packages. Cloud token theft
npm2025
Nx Stealer
AWS admin takeover in 72h via OIDC trust chain abuse
npm2025
Axios RAT
Cross-platform remote access trojan via plain-crypto-js
Go2025
Disk Wiper
Overwrites /dev/sda. Linux systems destroyed completely
CDN2024
Polyfill.io
380K+ websites. Domain hijacked. North Korea linked
PyPI2024
Ultralytics
XMRig cryptominer via GitHub Actions cache poisoning
Multi2018—24
+17 More
ua-parser-js, coa/rc, event-stream, Solana, torchtriton, colorama, rest-client, bootstrap-sass...
npm 9
PyPI 5
RubyGems 3
Cargo 2
Go 3
Composer 1
NuGet 2
01
Load Threats

JSON threat database with compromised versions, C2 IPs, malware hashes, and IOCs.

02
Scan Deps

Checks node_modules, pip, Gemfile.lock, Cargo.lock, go.sum, composer.lock.

03
Hunt

Malware files on disk. Active C2 connections. Malicious CDN refs. Bad lockfile shasums.

04
Report

CLEAN / WARNING / COMPROMISED verdict. Remediation steps per threat.

Quick Start
# clone and scan
git clone https://github.com/oopsalldev/npm-supply-chain-scanner
./scripts/scan.sh --path /your/project

# github action
uses: oopsalldev/npm-supply-chain-scanner@main

# claude code
/scan

Built with Claude Code by oops.zone