BETAmodules.com is in beta — open to partnerships & joint ventures.Build with us

Home Search Compare Equivalents

One search box and one honest, consistent read on every open-source library — across every ecosystem.

npmPyPIcrates.ioRubyGemsGoMavenNuGet

Discover

Tools

Compare Equivalents

Data

deps.dev OSV advisories npm registry PyPI

About

Methodology Partner with us

© 2026 Modules · A precision instrument for picking dependencies.Data refreshed continuously from public registries, deps.dev & OSV

cross-ecosystem search · live

Results for supply-chain-attack

Found in 4 of 7 ecosystemsnpm 1–24 of 34,653 · 9 matches across other registries

npm34653 crates.io1 RubyGems7 NuGet1

How we search: free-text on npm, crates.io, RubyGems, NuGet and Maven. PyPI and Go do exact-name lookup only. Tip: click an ecosystem chip below to filter; click Show all ecosystems to come back.

Sort

Auto-load on scroll

npm matches

Showing 24 of 34,653 · JavaScript

See all npm →

supply-chain-attackv0.1.10

Scan local package-manager state for known supply-chain attack indicators.

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

sha1-hulud-scannerv1.0.1

Sha1-Hulud 2.0 npm supply chain attack scanner - Real-time detection using Koi.ai data

MaintenanceAging

PopularityUnknown

Aging — last published 6 months ago — check before adopting.

@uniacco-tech/asl_uiv1.2.1

supply chain attack poc

MaintenanceAbandoned

PopularityUnknown

Abandoned. Last published 2 years ago.

multiocularv0.8.3

Review dependencies changes to prevent supply chain attack

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

@emstack/tanstack-supply-chain-checkerv1.2.0

Detect and fix the mini-shai-hulud TanStack supply-chain attack (socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack)

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

Static obfuscation detector for npm lifecycle scripts — supply chain attack prevention

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

pnpm-shieldv1.0.1

Supply chain attack protection audit tool for pnpm projects

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

dryinstallv0.8.0

npm supply chain attack defense via execution isolation

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

supply-chain-research-backdoorv1.0.0

Security research backdoor package for supply chain attack simulation

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

@huckleberry-inc/check-npm-lockfilev0.2.0

Detect recently published npm packages in lockfiles for supply chain attack prevention

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

request-logger-canaryv1.0.0

Inert test fixture for validating supply chain attack detection systems. Contains malicious code PATTERNS without actual harmful behavior.

MaintenanceHealthy

PopularityUnknown

Security1 advisory

Maintained. Maintained, actively maintained.

np-audit-test-obfuscatedv1.0.0

Test fixture for np-audit — simulates a supply chain attack with obfuscated postinstall. Completely harmless.

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

supply-scanv1.1.0

Universal npm supply chain attack scanner. Detects compromised packages from 12+ known attacks.

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

shai-hulud-scanv1.1.2

A CLI tool for detecting the 'Shai-Hulud' npm supply chain attack that occurred in September 2025

MaintenanceAging

PopularityUnknown

Aging — last published 8 months ago — check before adopting.

verdaccio-age-gatev1.0.0

Verdaccio middleware that blocks npm packages published less than N days ago, reducing supply-chain attack risk.

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

dep-trustv0.1.2

Scan your npm dependencies for supply chain attack indicators.

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

@oat-sa-private/shai-hulud-2-checkerv0.2.0

Detect malicious npm packages linked to the Shai-Hulud 2.0 supply chain attack.

MaintenanceAging

PopularityUnknown

Aging — last published 6 months ago — check before adopting.

hulud-party-scannerv1.5.0

Project integrity scanner for known vulnerabilities and suspicious patterns related to the Shai-Hulud supply-chain attack.

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

check-npm-lockfilev0.1.2

Detect recently published npm packages in lockfiles for supply chain attack prevention

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

validator-pkgv1.1.0

Package used to demonstrate a supply chain attack.

MaintenanceAbandoned

PopularityUnknown

Abandoned. Last published 4 years ago.

Proof of concept for a dependency confusion supply chain attack.

MaintenanceAbandoned

PopularityUnknown

Abandoned. Last published 4 years ago.

Check if your GitHub repos were affected by the Sha1hulud supply chain attack

MaintenanceAging

PopularityUnknown

Aging — last published 6 months ago — check before adopting.

@emstack/axios-affected-checkerv1.0.1

Scans your machine and Node.js projects for indicators of the axios supply chain attack

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.

dependency-confusionv1.0.0

Proof of concept for a dependency confusion supply chain attack.

MaintenanceAbandoned

PopularityUnknown

Abandoned. Last published 4 years ago.

1 2 3 4 5…1444

crates.io matches

1 match · Rust

supply-chain-attack-testv0.1.0

The goal of this package is solely to test possible supply chain attack

MaintenanceDeprecated

PopularityNiche

Deprecated. Don't start a new project on this.

RubyGems matches

7 matches · Ruby

Sossy detects "risky" RubyGems packages in your software supply chain.

MaintenanceAbandoned

PopularityNiche

Abandoned. Last published 4 years ago.

Ossie reports "risky" RubyGems packages in your software supply chain.

MaintenanceAbandoned

PopularityNiche

Abandoned. Last published 4 years ago.

Packj flags malicious and other "risky" RubyGems packages in your software supply chain.

MaintenanceAbandoned

PopularityNiche

Abandoned. Last published 3 years ago.

commissarv0.1.0

Static analysis tool that scans RubyGems for indicators of supply chain compromise: malicious gemspecs, suspicious URLs, credential exfiltration, obfuscated payloads, and more.

MaintenanceHealthy

PopularityNiche

Maintained. Niche but maintained, actively maintained.

bundle-safe-updatev1.0.17

A CLI tool that prevents installation of gem versions that are too new (e.g., <14 days old), helping protect against supply chain attacks.

MaintenanceHealthy

PopularityNiche

Maintained. Niche but maintained, actively maintained.

This gem has been published by Aikido Security to help prevent supply chain attacks. It is not intended for direct use. Please use 'aikido-zen' instead.

MaintenanceAging

PopularityNiche

Aging — last published 10 months ago — check before adopting.

beachcomberv0.1.0

This package exists to prevent name squatting and malicious supply chain attacks. The beachcomber client SDK is published as libbeachcomber. See https://beachcomber.sh

MaintenanceHealthy

PopularityNiche

Maintained. Niche but maintained, actively maintained.

NuGet matches

1 match · .NET

validpackv1.1.0

No description provided.

MaintenanceHealthy

PopularityUnknown

Maintained. Maintained, actively maintained.