
amifcked

v0.1.5

Published

Find installed binaries and packages tied to supply-chain attacks or AI security incidents.

Downloads

819

Readme

amifcked

Find packages and binaries on this machine tied to known supply-chain attacks, malware campaigns, and AI security incidents.

npx amifcked

amifcked scans local package-manager state wherever you run it: global installs, temporary npx installs, npm/pnpm/Yarn/Bun caches or stores, and Python user/pipx environments when present. Scoped packages are included.

A cache/store hit means the package was fetched or stored on this machine. A global or npx hit is stronger evidence that package code may have been installed or executed.
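To make the distinction between a "stored" and an "installed" hit concrete, here is an added example (not code from the amifcked project) that flattens `npm ls -g --json`-style output and a list of cache records into package/version pairs, matches them against a snapshot, and grades each hit by where it was found. The snapshot contents, package names and version numbers are constructed sample values; the exit-code mapping follows the README's convention.

```javascript
// Added example, not amifcked's own code. The advisory entries and the
// package-manager data below are constructed samples, not real advisories.
const SNAPSHOT = {
  date: '2026-05-12',
  // package name -> Set of affected versions (constructed values)
  affected: new Map([
    ['@example/build-core', new Set(['1.2.3'])],
    ['left-pad-evil', new Set(['0.9.0', '0.9.1'])],
  ]),
};

// Evidence grading: a global or npx install means the package code may
// have run; a cache/store entry only shows it was fetched or stored.
const EVIDENCE = { global: 'installed', npx: 'installed', cache: 'stored', store: 'stored' };

// Flatten an `npm ls -g --json`-shaped tree into {name, version} pairs,
// descending into nested dependencies. Scoped names (@scope/pkg) are
// ordinary keys in that tree, so they are matched like any other.
function flattenNpmLs(tree, source, out = []) {
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    if (info.version) out.push({ manager: 'npm', source, name, version: info.version });
    flattenNpmLs(info, source, out);
  }
  return out;
}

// Exact name+version match against the snapshot, tagged with evidence level.
function matchAdvisories(entries, snapshot) {
  const hits = [];
  for (const e of entries) {
    const versions = snapshot.affected.get(e.name);
    if (versions && versions.has(e.version)) hits.push({ ...e, evidence: EVIDENCE[e.source] || 'unknown' });
  }
  return hits;
}

// README exit codes: 0 = no findings, 1 = findings detected.
function exitCodeFor(hits) { return hits.length ? 1 : 0; }

// Constructed sample data: one global install tree and two cache records.
const SAMPLE_GLOBAL = { dependencies: { '@example/build-core': { version: '1.2.3' }, npm: { version: '10.0.0' } } };
const SAMPLE_CACHE = [
  { manager: 'npm', source: 'cache', name: 'left-pad-evil', version: '0.9.1' },
  { manager: 'npm', source: 'cache', name: 'left-pad-evil', version: '1.0.0' }, // unaffected version
];

function scanSample() {
  const entries = [...flattenNpmLs(SAMPLE_GLOBAL, 'global'), ...SAMPLE_CACHE];
  return matchAdvisories(entries, SNAPSHOT);
}

// Human-readable lines in the spirit of the verdict output shown below.
function report(hits) {
  return hits.map((h) => `${h.manager} ${h.name}@${h.version} (${h.source}: ${h.evidence})`);
}
```

Running `scanSample()` on the constructed data yields one "installed" hit for the global package and one "stored" hit for the cached package, with the unaffected 1.0.0 cache record ignored.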

Usage

npx amifcked

The CLI prints a compact verdict and exits non-zero when it finds a risky package or suspicious IOC.

Interactive terminals also get a small menu:

more?  e explain  a actions  q quit  ›

The loader and menu are disabled for JSON output, non-interactive terminals, and CI.

Example

        .-""""-.
      .'  _    _  '.
     /   (o)  (o)   \
    |       ____       |
    |     .'    '.     |
     \    `----`    /
      '.          .'
        `-......-`
Verdict: YOU ARE FUCKED!! — 1 package hit

The shit that pinged
- npm @rspack/[email protected] (npm cache _npx)

scan 6 store(s), 1842 package/version pair(s), snapshot 2026-05-12

What It Checks

The embedded offline snapshot is dated 2026-05-12 and covers 438 package/version artifacts.

Local sources include:

  • npm global packages, cache records, and _npx installs
  • pnpm global packages and content-addressed store manifests
  • Yarn and Bun global/cache entries
  • Python user site-packages and pipx virtual environments

Advisory coverage includes Mini Shai-Hulud/TanStack, Mistral, UiPath, Squawk, OpenSearch, Lightning, Guardrails AI, SAP CAP, Intercom, Namastex.ai, CanisterWorm, CanisterSprawl, Axios, plain-crypto-js, Rspack, and Nx s1ngularity.

It also checks common home-directory locations for suspicious files such as router_runtime.js and setup.mjs when contents match known credential-exfiltration or persistence markers.

Exit Codes

  • 0: no findings
  • 1: findings detected
  • 2: usage or runtime error

Privacy

amifcked uses its embedded advisory snapshot and does not send discovered package names or versions to a remote service. Set NO_COLOR=1 for plain text output.

If You Get a Hit

Treat the machine as potentially exposed:

  1. Remove affected global or npx installs.
  2. Clear relevant package-manager cache/store entries.
  3. Inspect projects that may have installed the package.
  4. Rotate exposed tokens and credentials.
  5. Check for unexpected persistence files or workflow changes.

Use menu option 1 for attack-chain context and option 2 for a cleanup prompt you can paste into a coding/security agent.

Limitations

This is a detection tool, not a full incident-response platform.

  • Cache/store hits show package presence, not project usage.
  • The advisory snapshot is curated and dated.
  • A clean result does not prove the machine is free of malicious packages.
  • Some package-manager stores may not expose package names and versions.

Development

npm test
npm run check
node bin/amifcked.js
npm exec --package=. -- amifcked

Publishing

npm test
npm run check
npm pack --dry-run
npm publish

The package has no runtime npm dependencies and requires Node.js 18 or newer.

Research

The research trail and source URLs are in RESEARCH.md.

License

MIT