Show HN: Lateos/NPM-scan – open-source NPM supply chain scanner, v0.18.3
Category: security
Tags: supply-chain-security, npm-security, malware-analysis
Score: 8.3/10 (Innovation: 8, Technical: 9, Documentation: 9, Utility: 7)
@lateos/npm-scan is an open-source NPM supply chain scanner that combines static and behavioral analysis to catch attack patterns that signature-based tooling tends to miss: obfuscated install-time payloads, credential stealers, and worm-like self-propagation through an attacker's stolen publish tokens. It stands out for its comprehensive attack taxonomy, cross-ecosystem detection (its coverage extends to Python), and compliance reporting, and it runs fully offline with no telemetry.
Target audience: backend devs, devops, security engineers
Repository: https://www.npmjs.com/package/@lateos/npm-scan · JavaScript · 5 stars