A Git-native dependency admission controller. Evaluates trust signals on every dependency change and blocks commits or builds when packages fail your team's policy. Pre-commit hook + CI gate with built-in approval workflow.

macOS Seatbelt sandbox CLI for developers. Protect credentials (SSH, AWS, GPG) from malicious npm packages, supply chain attacks, and untrusted build scripts. Deny-by-default filesystem isolation. Perfect for Claude Code agentic workflows with --dangerously-skip-permissions.

Why Claude Code leaked: a deep dive into npm packaging failures, source map exposure, and modern supply chain security risks.

Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.

Sentinel Package Manager blocks compromised packages BEFORE installation, preventing malicious code execution. Features: Pre-install blocking, command interception (npm/yarn/pnpm/bun), 795+ blacklist (Shai-Hulud), real-time checks (OSV/GitHub/Snyk), zero dependencies, auto-updates. Counters supply chain attacks.

Supply-chain security scanner for npm packages. Detect malicious code, typosquatting, and compromised dependencies before you install them.

🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting

Runtime dependency behavior monitor for Node.js - detects software supply-chain abuse

Safe npm install that blocks lifecycle scripts and isolates packages in a sandbox.

Search all repositories across a github organization and looks for nodejs dependencies

Security scanner for MCP (Model Context Protocol) servers. Detect prompt injection, secrets leaks, supply chain attacks, and vulnerabilities in MCP servers. CLI + MCP server mode.

Scan Claude MCP skills for security threats before you install. npx skill-sentry < your skills github url> free, open source, no code executed.

An Azure Devops Scanner Pipeline Template to use to detect SHAI-HULUD Worm

Detect CVE-2025-54313 eslint-config-prettier supply chain attack IOCs on Windows

Claude Code skill that hardens package manager configs against supply chain attacks. Run /harden once, it detects what you have and secures it.

Predictive dependency security engine. Trust Scores for npm/Python packages. Detects zombies, typosquats, and supply chain risks before they become CVEs.

Threat intel package for Lazarus Group's 3-wave GitHub phishing campaign targeting developers (Mar-Apr 2026). YARA, Sigma, Suricata, Nuclei rules + STIX 2.1 bundle + ATT&CK Navigator layer + full C2 infrastructure map. Defensive use only.

Won 🏆 Best Technical Product @ LikeLion Hackathon 2026. Agentic install-time supply-chain security for npm and PyPI. Multi-agent verdicts, local registry proxy, honest Wilson-CI benchmarks.

Package Firewall — self-hosted supply chain security for macOS. Intercepts npm/pip/cargo/yarn in ALL shells including AI agents. 4 vuln sources (OSV + GHSA + deps.dev + CISA KEV). Zero telemetry.