npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@digi4care/shai-scan

v0.1.1

Published

Zero-dependency CLI scanner for npm/PyPI supply chain compromises. Detects compromised packages in lockfiles and system-level IOCs from attacks like Mini Shai-Hulud (CVE-2026-45321).

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

digi4caredigi4care

Keywords

securitysupply-chainnpmscannermalwareshai-huludCVE-2026-45321

Readme

shai-scan

Zero-dependency CLI scanner for npm and PyPI supply chain compromises.

npm version License: MIT Node.js

Why?

On May 11, 2026, a self-propagating supply chain worm dubbed Mini Shai-Hulud (CVE-2026-45321, GHSA-g7cv-rxg3-hmpx) compromised the npm ecosystem. Attributed to TeamPCP (aka DeadCatx3, PCPcat, ShellForce, CipherForce), the malware hijacked GitHub Actions OIDC tokens to publish malicious packages with valid SLSA Build Level 3 provenance. It stole credentials from CI/CD pipelines, cloud providers, and cryptocurrency wallets, and installed persistence hooks in Claude Code and VS Code. A built-in dead-man switch threatened to wipe the user's home directory if npm tokens were revoked.

Affected packages included TanStack router and start packages, Mistral AI SDKs, OpenSearch client, UiPath tooling, and dozens of others. Because supply chain attacks move fast, organizations need a lightweight, trustworthy scanner they can run anywhere without adding new dependencies to their own attack surface.

Features

  • Lockfile scanning — Detects compromised npm and PyPI packages in package-lock.json, pnpm-lock.yaml, yarn.lock, bun.lock, bun.lockb, poetry.lock, Pipfile.lock, and requirements.txt
  • System IOC checks — Scans running processes, filesystem artifacts, network connections, and known persistence paths for indicators of compromise
  • Zero runtime dependencies — Uses only Node.js/Bun built-ins (fs, path, child_process, os). The scanner does not increase your supply chain risk
  • Multiple output formats — Human-readable text, machine-readable JSON, and SARIF for GitHub Code Scanning
  • CI/CD native — Exit codes designed for automation (0 = clean, 1 = findings, 2 = error)
  • Path-agnostic — Accept any directory; defaults to the current working directory
  • Campaign-based database — New attack waves are added as discrete campaigns in src/db.ts; update the file and rerun

Install

No installation required. Run directly with your package runner of choice:

# npx
npx @digi4care/shai-scan

# bunx
bunx @digi4care/shai-scan

# pnpm dlx
pnpm dlx @digi4care/shai-scan

Global install (optional):

npm install -g @digi4care/shai-scan
# or
pnpm add -g @digi4care/shai-scan

From source:

git clone https://github.com/digi4care/shai-scan.git
cd shai-scan
pnpm install
bun run src/cli.ts --help   # Bun (recommended for development)
# or build and run with Node.js:
pnpm run build && node dist/cli.js --help

Usage

Scan the current project

npx @digi4care/shai-scan

Scan a specific path

npx @digi4care/shai-scan ~/projects/my-app

JSON output for automation

npx @digi4care/shai-scan --json .

SARIF output for GitHub Code Scanning

npx @digi4care/shai-scan --sarif --sarif-file results.sarif .

CI/CD exit codes

#!/bin/bash
npx @digi4care/shai-scan --severity high . || {
  code=$?
  if [ "$code" -eq 1 ]; then
    echo "Supply chain findings detected"
    exit 1
  elif [ "$code" -eq 2 ]; then
    echo "Scanner error"
    exit 2
  fi
}

CI/CD Integration

GitHub Actions (text output)

name: Supply Chain Scan
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
      - run: pnpm install --frozen-lockfile
      - run: npx @digi4care/shai-scan --severity high .

GitHub Actions (SARIF upload)

name: Supply Chain Scan SARIF
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 6 * * 1'

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
      - run: pnpm install --frozen-lockfile
      - run: npx @digi4care/shai-scan --sarif --sarif-file results.sarif .
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

Output Formats

| Format | Flag | Description | |--------|------|-------------| | Text | (default) | Human-readable table of findings with severity, package name, version, and campaign details | | JSON | --json | Structured JSON array of findings, suitable for ingestion into SIEMs or custom dashboards | | SARIF | --sarif | OASIS SARIF 2.1.0 format for upload to GitHub Code Scanning, GitLab Secure, or other SARIF consumers |

Example JSON excerpt:

[
  {
    "package": "@tanstack/react-router",
    "version": "1.169.5",
    "ecosystem": "npm",
    "severity": "critical",
    "campaign": "mini-shai-hulud-wave4",
    "cve": "CVE-2026-45321",
    "reference": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx"
  }
]

Exit Codes

| Code | Meaning | |------|---------| | 0 | No compromised packages or IOCs detected | | 1 | One or more findings detected | | 2 | Runtime error (invalid path, unreadable lockfile, etc.) |

Adding New Campaigns

When a new supply chain attack is discovered, update src/db.ts:

  1. Add a new CompromisedVersion[] array with the affected packages and versions
  2. Append a new Campaign object to the CAMPAIGNS array, including CVE/GHSA identifiers, severity, description, reference URLs, and IOC indicators
  3. The buildLookup() function automatically rebuilds the lookup map on the next run

No rebuild step is required when using Bun. Changes to src/db.ts take effect immediately with bun run src/cli.ts. For the npm package, run pnpm run build after editing.

Security Considerations

  • Zero runtime dependencies: The scanner uses only Node.js/Bun built-in modules. It does not download or execute third-party code at runtime, eliminating the risk that the scanner itself becomes a compromise vector.

  • pnpm as package manager: pnpm uses strict lockfiles, does not execute lifecycle scripts by default, and supports content-addressable storage. These properties reduce the attack surface compared to other package managers.

  • Recommended .npmrc settings: For maximum protection when installing packages, add the following to your project or global .npmrc:

    ignore-scripts=true
engine-strict=true

  • No network calls: shai-scan does not phone home, download signatures, or require an API key. All campaign data is shipped with the package.

Affected Packages (Current Campaign)

The following packages and versions are known to be compromised in CVE-2026-45321 (Mini Shai-Hulud Wave 4). This is a representative subset; the full list is maintained in src/db.ts.

| Package | Ecosystem | Compromised Versions | |---------|-----------|---------------------| | @tanstack/react-router | npm | 1.169.5, 1.169.8 | | @tanstack/vue-router | npm | 1.169.5, 1.169.8 | | @tanstack/solid-router | npm | 1.169.5, 1.169.8 | | @tanstack/router-core | npm | 1.169.5, 1.169.8 | | @tanstack/react-start | npm | 1.167.68, 1.167.71 | | @mistralai/mistralai | npm | 2.2.2, 2.2.3, 2.2.4 | | @mistralai/mistralai-azure | npm | 1.7.2, 1.7.3 | | mistralai | pypi | 2.4.6 | | @opensearch-project/opensearch | npm | 3.5.3, 3.6.2, 3.7.0, 3.8.0 | | @uipath/robot | npm | 1.3.4 | | @squawk/airways | npm | 0.4.2, 0.4.3, 0.4.5 | | @draftauth/core | npm | 0.13.1, 0.13.2 | | @tallyui/core | npm | 0.2.1, 0.2.2, 0.2.3 | | safe-action | npm | 0.8.3, 0.8.4 | | cmux-agent-mcp | npm | 0.1.3 - 0.1.8 | | nextmove-mcp | npm | 0.1.3, 0.1.4, 0.1.5, 0.1.7 | | ts-dna | npm | 3.0.1, 3.0.2, 3.0.4 | | cross-stitch | npm | 1.1.3, 1.1.4, 1.1.6 | | git-git-git | npm | 1.0.8 - 1.0.12 | | git-branch-selector | npm | 1.3.3 - 1.3.7 | | agentwork-cli | npm | 0.1.4, 0.1.5 | | wot-api | npm | 0.8.1, 0.8.2, 0.8.4 | | ml-toolkit-ts | npm | 1.0.4, 1.0.5 | | @beproduct/nestjs-auth | npm | 0.1.2 - 0.1.19 | | @dirigible-ai/sdk | npm | 0.6.2, 0.6.3 | | @taskflow-corp/cli | npm | 0.1.24 - 0.1.29 | | @tolka/cli | npm | 1.0.2, 1.0.3, 1.0.4, 1.0.6 | | @supersurkhet/cli | npm | 0.0.2 - 0.0.7 | | guardrails-ai | pypi | 0.10.1 |

License

MIT. See LICENSE for details.

Disclaimer

shai-scan is a detection aid, not a substitute for comprehensive security audits, dependency review, or threat intelligence platforms. It identifies known compromised versions based on the shipped database; novel or zero-day supply chain attacks may not be detected until a campaign is added. Always practice defense in depth: audit dependencies, pin versions, verify provenance, and monitor CI/CD pipelines.