worm-sign

A security scanner that detects npm packages compromised by supply chain attacks, including the TanStack wave 4 attack (May 2026), the Axios attack (March 2026), and Shai-Hulud malware.

Version 4.2.0 License MIT

Keywords

securityscannermalwareshai-huludwormvulnerabilitiesnpmyarnpnpmsupply-chaindevsecopsauditlockfileintegrityanalysis

INSTALL

Version:

Learn more

Readme

Files

Statistics Browse CDN

Statistics

Requests 0

Bandwidth 0

Top version - 0

Full worm-sign Download Stats

Keywords

security

scanner

malware

shai-hulud

worm

vulnerabilities

npm

yarn

pnpm

supply-chain

devsecops

audit

lockfile

integrity

analysis

heuristics

entropy

github-actions

Get a badge for your package