Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
GitHub

npx Confusion Vulnerability Scanner

This tool automates the discovery process described in that research — scanning local codebases, GitHub organizations, and web assets for unclaimed npm package names that are exploitable via npx ...
GitHub

bamzc/claude-skills-frontend

前端开发通用 Claude Skills 集合. Contribute to bamzc/claude-skills-frontend development by creating an account on GitHub.