worm-sign
v4.2.0npm· JavaScriptA security scanner that detects npm packages compromised by supply chain attacks, including the TanStack wave 4 attack (May 2026), the Axios attack (March 2026), and Shai-Hulud malware.
The verdict
Maintained. Niche but maintained, actively maintained.
Live from the npm registry · derived rules, not AI
How it scores
MaintenanceHealthy
PopularityNiche
SecurityClean
LicensePermissive
DepsModerate
Maintenance
Last published this month.
Popularity
82 downloads / week
Security
No known advisories for this version (OSV).
License
MIT
Dependencies
12 direct dependencies
Recent releases
- 4.2.0this month
- 4.1.0this month
- 4.0.02 months ago
- 3.1.26 months ago
- 3.1.16 months ago
- 3.1.06 months ago
- 3.0.16 months ago
- 3.0.06 months ago