
chain-audit

Zero-dependency heuristic CLI scanner that looks for signs of supply chain attacks in node_modules: suspicious install scripts, network and environment access from scripts, executables and native binaries, and malformed package metadata.


About This Project

chain-audit is a zero-dependency heuristic scanner CLI designed to detect supply chain attacks in node_modules. It inspects each installed package for malicious install scripts, network access in scripts, attempts to exfiltrate environment variables, executable files, native binaries, corrupted package.json files, and metadata anomalies.

The scanner layers these checks and works completely offline, which suits air-gapped or otherwise restricted build environments. It is meant to run before a package's install scripts execute. Because npm runs lifecycle scripts during installation, that means installing with scripts disabled (for example npm ci --ignore-scripts), scanning the resulting tree, and only then letting the scripts run (for example with npm rebuild). The tool is published on npm and complements npm audit: npm audit matches installed versions against known advisories, whereas chain-audit looks for malicious behaviour that has no advisory yet.

Key Features

  • Detects malicious install scripts
  • Detects network access in scripts
  • Detects env exfiltration attempts
  • Detects executable files
  • Detects native binaries
  • Detects corrupted package.json
  • Detects metadata anomalies
  • Zero dependencies
  • Works offline

Challenges

  • Creating effective heuristic detection patterns
  • Minimizing false positives while catching real threats
  • Building a zero-dependency security tool
  • Ensuring comprehensive coverage of attack vectors

Results

  • Free, easy-to-use CLI tool for developers and security researchers
  • Published on npm for community use
  • Heuristic detection of the supply chain attack patterns listed above
  • Works completely offline
  • Zero-dependency architecture
  • Can be run as a step in CI/CD pipelines

Technologies Used