Live intelligence
Active supply-chain campaigns
PkgRadar groups suspicious releases by shared payload hosts, repeated indicators, publisher bursts, and version-diff evidence. Static inspection only — no install hooks or package code is executed.
Scanned7.2M
High risk56,266
Active campaigns670
Smoking-gun findings237.7K
Narrow by ecosystem
Open the per-ecosystem detail.
npm42,153 high · 3,499,796 scannedPyPI5,967 high · 426,081 scannedRubyGems281 high · 17,831 scannedCargo1,529 high · 304,696 scannedMaven61 high · 170,640 scannedNuGet179 high · 518,220 scannedComposer1,316 high · 40,105 scannedGo modules4,772 high · 2,205,281 scannedPub (Dart)8 high · 27,480 scanned TTP ledger
Repeated tactics in this corpus
criticalDNS/OAST exfil
3 records · 688 releasesPackage code references DNS resolution or OAST-style infrastructure that can move data out through lookup side effects.
dns_or_oast_exfil
496 max scoreBlock and investigate for exfiltration behavior before allowing the release.
highCredential access
3 records · 1,356 releasesCode references files or environment names commonly used to steal developer, cloud, registry, or CI credentials.
credential_paths
349 max scoreBlock in CI until the package maintainer explains why credential material is referenced.
mediumWebhook Exfil Endpoint
6 records · 3,101 releasesRepeated static behavior appeared across multiple package releases.
webhook_exfil_endpoint
545 max scoreReview the package examples and correlate with publisher history before allowing.
Show 3 more TTP families
mediumRemote Shell Cradle
1 records · 1,770 releasesRepeated static behavior appeared across multiple package releases.
mediumReverse Shell
2 records · 883 releasesRepeated static behavior appeared across multiple package releases.
mediumJs Decode Then Exec
1 records · 445 releasesRepeated static behavior appeared across multiple package releases.
How to read this feed
Scoring & labels
- Candidate
- Grouped by static evidence — not yet a public attribution claim.
- Max score
- Highest release score in this group. Each (kind, detail) bucket caps at 50 points; each kind caps at 100. A high-severity finding plus score ≥ 45 is auto-block territory.
- Strength
- 0–100 confidence in the grouping, weighted by member count, score, and event volume.
- Confirmed
- Cross-referenced against OSV malicious-package advisories. Confirmed matches are pinned to high regardless of other signals.
- Active
- Updated by the hunter on the most recent ingest pass.
Curated, named campaigns we attribute packages to — grouped by a confirmed actor, malware fingerprint, or advisory cluster. (The live behavioral clustering produced by the hunter is in the section below.)
6,364 packages attributed
npm packages shipping a Windows PE (SMTP bulk-mailer/credential-checker) as the package main entry, with no source code or documentation.
2,153 packages attributed
Coordinated mass-publish of 36 npm packages from publisher asteroiddao with preinstall hooks invoking relative binary paths. Detected by PkgRadar at 01:05 UTC 2026-05-26.
1,865 packages attributed
Three npm packages from publisher devcarron shipping identical postinstall droppers fetching a Windows PE via IPFS within a 4-minute burst.
1,516 packages attributed
Python packages periodically monitoring clipboard for cryptocurrency seed phrases and exfiltrating them to a remote endpoint.
1,001 packages attributed
Self-propagating worm targeting PyPI packages. Uses .pth startup hooks and/or the Bun JS runtime to run obfuscated JavaScript credential-stealers on every Python invocation post-install.
202 packages attributed
npm worm that abuses binding.gyp action targets to execute credential-stealing shell commands during node-gyp compilation, bypassing lifecycle-script inspection.
10 packages attributed
Self-replicating npm worm written in Rust. Ships a compiled binary via preinstall. Steals 86 env vars + 20 credential files, beacons over Tor, hides behind an eBPF rootkit, propagates via npm Trusted Publishing.
1 packages attributed
Compromised GitHub Actions OIDC trusted publisher for npm scoped packages. Injects heavily obfuscated preinstall hooks (ROT-9 → AES-128-GCM → obfuscator.io) to steal developer secrets.
Candidate clusters
Campaigns and clusters spotted by the hunter
Inspect feedShowing the 12 highest-priority campaign records from 50 active records.
Reverse Shell
513 members545 max score90 strength
ttp detail
Remote Shell Cradle
activeRemote Shell Cradle
1,770 members545 max score90 strength
ttp detail
Webhook Exfil Endpoint
activeWebhook Exfil Endpoint
279 members545 max score90 strength
ttp detail
Webhook Exfil Endpoint
activeWebhook Exfil Endpoint
696 members545 max score90 strength
publisher high risk
Publisher burst: barathkumargopi
activebarathkumargopi
4 members545 max score84 strength
ttp detail
Js Decode Then Exec
activeJs Decode Then Exec
445 members545 max score90 strength
ttp detail
DNS / OAST exfiltration
activeDNS / OAST exfiltration
189 members496 max score90 strength
ttp detail
DNS / OAST exfiltration
activeDNS / OAST exfiltration
242 members496 max score90 strength
publisher high risk
Publisher burst: GitHub Actions
activeGitHub Actions
6,003 members452 max score84 strength
ttp detail
Shipped Live Secret
activeShipped Live Secret
1,205 members424 max score90 strength
ttp detail
Shipped Live Secret
activeShipped Live Secret
873 members372 max score90 strength
publisher high risk
Publisher burst: mneme_npm
activemneme_npm
159 members372 max score84 strength
High-signal releases
Recent packages with saved static evidence
Recent feedShowing the 2 highest-scoring flagged releases from 12 saved scans (low-risk omitted).