Coverage nuget

NuGet `nuget.org`

.NET. The PowerShell hook trio is the canonical NuGet supply-chain attack vector. Scanner covers IEX stagers, hidden powershell.exe spawns, base64 decode combos, Run-key persistence, and CI/CD secret env reads at hook time.

Packages scanned

35,147

High risk

Review

3,286

High-severity findings

Last scan

1m ago

Install-time attack surface

install.ps1 / init.ps1 / uninstall.ps1 — run inside Visual Studio's package manager

Supported lockfile formats

packages.lock.json
packages.config
project.assets.json

Spec format

pkgradar gate --ecosystem nuget [email protected]

Recent activity

The corpus-wide release feed lives on /campaigns. A per-ecosystem release feed for NuGet is on the roadmap — the stats above are filtered to this ecosystem in the meantime.

Other ecosystems