The past 60 days have been brutal for supply chain security:
• 639 malicious versions across 323 packages in ONE hour (AntV wave)
• A worm with valid SLSA Build Level 3 provenance (TanStack)
• North Korean APTs injecting malware into "AI-assisted coding" workflows
• Credential stealers hiding in node-ipc, axios, lightning, and hundreds more
I built LibKill to answer one question: "Is my system clean?"
It scans your npm/pip packages against 2,800+ known compromised artifacts and tells you exactly what to remove. No SaaS, no API keys, no cloud. Just a single binary.
What's new in v0.1.5:
✅ Live threat feeds from 6 sources — Socket.dev, OSV.dev, GitHub Advisory DB, Cisco Talos, Unit 42, BleepingComputer
✅ uv support — detects Python packages installed via uv pip and uv tool
✅ Venv scanning — walks your project directories for virtual environments
✅ Windows Scripts/ path support
✅ 165 new malicious packages added — TrapDoor, Axios/Lazarus, CanisterSprawl, Contagious Interview, Solana typosquats
✅ 19 malware families tracked — PamDOORa, Quasar Linux RAT, CloudZ RAT, Nitrogen, and more
✅ GitHub token integration for live GHSA updates (optional, works without it)
One command to install:
curl -fsSL https://lnkd.in/dTv3ukhe | bash
Open source. MIT license. Cross-platform.
https://github.com/firfircelik/libkill