[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81210":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":11,"openIssues":13,"contributorsCount":12,"subscribersCount":12,"size":12,"stars1d":12,"stars7d":12,"stars30d":12,"stars90d":12,"forks30d":12,"starsTrendScore":12,"compositeScore":14,"rankGlobal":9,"rankLanguage":9,"license":15,"archived":16,"fork":16,"defaultBranch":17,"hasWiki":16,"hasPages":16,"topics":18,"createdAt":9,"pushedAt":9,"updatedAt":19,"readmeContent":20,"aiSummary":21,"trendingCount":12,"starSnapshotCount":12,"syncStatus":22,"lastSyncTime":23,"discoverSource":24},81210,"supply-chain-attack","zonko-ai\u002Fsupply-chain-attack","zonko-ai","Tells you if you are impacted by the supply chain attack.",null,"JavaScript",25,0,1,40,"MIT License",false,"main",[],"2026-06-12 04:01:32","# supply-chain-attack\n\nScan local package-manager state for packages and files associated with known supply-chain attacks.\n\n```sh\nnpx supply-chain-attack\n```\n\nThe scanner runs offline against an embedded advisory snapshot and checks global installs, temporary `npx` installs, npm\u002Fpnpm\u002FYarn\u002FBun caches or stores, and Python user\u002Fpipx environments when present. It also flags npm packages whose `postinstall` script performs network-fetch behavior (`curl`, `wget`, JavaScript `fetch`, or Node `http`\u002F`https` requests), including when `postinstall` points at a local install file that performs the fetch.\n\n## Output\n\nThe default report is compact and terminal-friendly. It highlights the verdict, the latest tracked attacks, affected packages found locally, packages with `postinstall` network-fetch behavior, and scan scope. 
Colors use a muted minimalist palette and can be disabled with `NO_COLOR=1` or `--no-color`.\n\n```txt\nVerdict: Potential supply-chain exposure detected — 4 package hits\n\nLATEST ATTACK\nMini Shai-Hulud expansion into AI\u002Fdevtool ecosystem packages (2026-05-12)\nAffected: 3 packages\nLibraries you had:\n- npm lightningcss-darwin-arm64@1.30.2 (pnpm store)\n\nscan 5 store(s), 4724 package\u002Fversion pair(s), snapshot 2026-05-12\n```\n\nInteractive terminals include a small menu for context and remediation prompts:\n\n```txt\noptions  l learn  a actions  q quit  ›\n```\n\n## Usage\n\n```sh\nnpx supply-chain-attack\nnpx supply-chain-attack --json\nnpx supply-chain-attack --list-advisories\nnpx supply-chain-attack --no-interactive\nnpx supply-chain-attack --no-color\n```\n\nBy default, the command exits non-zero when findings are detected. Use `--fail-on none` to always exit `0` unless there is a usage or runtime error.\n\n## Coverage\n\nSnapshot: `2026-05-12`  \nTracked artifacts: `438` package\u002Fversion entries\n\nLocal sources include:\n\n- npm global packages, cache records, and `_npx` installs\n- pnpm global packages and content-addressed store manifests\n- Yarn and Bun global\u002Fcache entries\n- Python user site-packages and pipx virtual environments\n- Selected suspicious home-directory files matching known campaign indicators\n\n## Exit Codes\n\n- `0`: no findings, or `--fail-on none`\n- `1`: findings detected\n- `2`: usage or runtime error\n\n## Privacy\n\nNo discovered package names, versions, paths, or files are sent to a remote service. The default scan uses only the embedded offline snapshot.\n\n## Interpreting Findings\n\nA cache\u002Fstore hit means the package was present on this machine. 
A global or `npx` hit is stronger evidence that package code may have been installed or executed.\n\nIf you get a hit, treat the machine as potentially exposed: remove affected installs, clear relevant caches, inspect dependent projects, rotate exposed credentials, and check for persistence or workflow changes.\n\n## Limitations\n\nThis is a detection aid, not a complete incident-response platform. A clean result does not prove the machine is malware-free, and the embedded advisory snapshot is necessarily dated.\n\n## Development\n\n```sh\nnpm test\nnpm run check\nnode bin\u002Fsupply-chain-attack.js\n```\n\nThe package has no runtime npm dependencies and requires Node.js `18` or newer.\n\n## Research\n\nSource notes are maintained in [`RESEARCH.md`](.\u002FRESEARCH.md).\n\n## License\n\nMIT\n","supply-chain-attack is a tool for detecting whether local package-manager state has been affected by a supply-chain attack. It scans global installs, temporary npx installs, npm\u002Fpnpm\u002FYarn\u002FBun caches or stores, and Python user\u002Fpipx environments to check for packages and files associated with known supply-chain attacks. The tool can also identify postinstall scripts in npm packages that perform network requests. It is suited to developers and security teams who need to quickly identify potential supply-chain attack risk in a local environment. It is written in JavaScript, provides a concise and readable terminal report, and supports multiple command-line options to meet different needs.",2,"2026-06-11 04:03:54","CREATED_QUERY"]