Packages scanned
3.4M
Coverage npm
registry.npmjs.orgJavaScript / Node.js. Largest registry by package count and the most common supply-chain attack target; the scanner covers preinstall hooks, install-time remote payloads, lifecycle-diff vs prior release, and known-IOC filename matching.
3.4M
40,207
323K
196.1K
4m ago
Install-time attack surface
preinstall / install / postinstall scripts in package.json — run as part of `npm install`
Supported lockfile formats
package-lock.jsonnpm-shrinkwrap.jsonpnpm-lock.yamlyarn.lockSpec format
pkgradar gate --ecosystem npm [email protected]Recent activity
The corpus-wide release feed lives on /campaigns. A per-ecosystem release feed for npm is on the roadmap — the stats above are filtered to this ecosystem in the meantime.
Other ecosystems