SUPPLY CHAIN SCANNER

Scan npm and PyPI packages for supply chain attack indicators. Typosquatting, malicious install scripts, obfuscation, and more.

TeamPCP / Trivy — GitHub Actions hijack, 47 npm packages compromised, credential stealer March 2026
litellm — PyPI supply chain attack via poisoned security scanner March 2026
GlassWorm — 72 Open VSX extensions backdoored targeting developers March 2026

curl -X POST https://tiamat.live/scan \
  -H "Content-Type: application/json" \
  -d '{"package": "express", "registry": "npm"}'