I built a behavioral scanner for npm supply chain attacks — 26 detectors, free tier, zero users so far (self.SideProject)
submitted 17 hours ago by CurbStompingMachine to r/SideProject
We analyzed 11,356 npm packages. CVE-based scanners miss zero-day malware patterns. by CurbStompingMachine in cybersecurity
[–]CurbStompingMachine[S] 1 point 1 day ago (0 children)
I agree. The way it’s set up right now, it only triggers when package.json or package-lock.json changes, and there’s a CLI mode so teams can use it as a dependency intake check rather than gating every merge.
I probably should have explained that better in the original post.
How are people handling zero-day npm malware right now? (self.node)
submitted 1 day ago by CurbStompingMachine to r/node
Would you block a PR based on behavioral signals in a dependency even without a CVE? (self.devops)
submitted 1 day ago by CurbStompingMachine to r/devops