◐ Shell
reader mode source ↗
Aikido Intel
Secure My Code

Your earliest warning for supply chain threats

Aikido Intel is the real-time supply chain intelligence feed. We detect malware and vulnerabilities in open-source ecosystems within minutes.

VulnerabilitiesMalwarePackages
AllNPMPyPiGitHub ActionsPackagistRubyVS CodeOpen VSXJetBrainsVisual StudioNuGetMavenCPANChromeFirefoxEdgeRustGoWordPressSkillsDrupal
NPMNPM
npm packages
PyPiPyPi
PyPI packages
GitHub ActionsGitHub Actions
GitHub Actions
PackagistPackagist
PHP packages
RubyRuby
Ruby gems
VS CodeVS Code
VS Code extensions
Open VSXOpen VSX
Open VSX extensions
JetBrainsJetBrains
JetBrains plugins
Visual StudioVisual Studio
Visual Studio extensions
NuGetNuGet
NuGet packages
MavenMaven
Maven packages
CPANCPAN
Perl modules
ChromeChrome
Chrome extensions
FirefoxFirefox
Firefox extensions
EdgeEdge
Edge extensions
RustRust
Rust crates
GoGo
Go modules
WordPressWordPress
WordPress plugins
SkillsSkills
Agent skills
DrupalDrupal
Drupal modules

Most Recent

No malware found

We actively scan All ecosystems for malware. Nothing malicious has shown up here.

Reset Ecosystems

Featured Research

June 24, 2026

Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets

Protect yourself from malware upon install with Aikido Safe Chain (open source)

Install Safe Chain

Protect Developer Devices
from Supply Chain Attacks.

Block malicious packages, IDE extensions, browser plugins, and AI tools before install.

Discover Endpoint Protection
 Use open source
Packagist
NPM
PyPi

Latest Publications

Subscribe to hear about critical security incidents

We'll send you updates on incidents as and when they happen

SubscribeSubscribe
Featured
Visit our blog
June 24, 2026

Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets

codfish/semantic-release-action was compromised on June 24, 2026. Attackers repointed v2–v5 tags to a Miasma credential-stealing payload targeting CI/CD secrets. Here's what happened and how to check if you're affected.

Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets
Over 140 popular Mastra npm Packages Hit by Supply Chain Attack
June 17, 2026

Over 140 popular Mastra npm Packages Hit by Supply Chain Attack

141 Mastra npm packages were compromised in a supply chain attack that injected a malicious dependency to silently download and execute a payload at install time.

Multiple JetBrains IDE plugins caught stealing AI keys
June 16, 2026

Multiple JetBrains IDE plugins caught stealing AI keys

A coordinated campaign of at least 15 JetBrains IDE plugins, published under seven vendor accounts, exfiltrates the AI provider API key you paste into their settings.

Our Intel, your security

Our engine automates security analysis using the same methodologies trusted by professional pentesters.

License the Intel Database

Use our threat intelligence to strengthen your internal security operations. Get access through our commercial API.

Book a Demo

Protect Developer Devices

Block malicious packages, IDE extensions, browser plugins, and AI tools before install.

Discover Endpoint Protection

Secure Your Supply Chain

Secure third-party dependencies, identify real threats, remediate automatically with Aikido.

Get Secure

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free
Book a Demo

Free. No credit card required.

Aikido Platform
Subscribe
Stay up to date with all updates
SubscribeSubscribe
LinkedIn YouTube X
© 2026 Aikido Security BV | BE0792914919
Ghent, Belgium | San Francisco, US
SOC 2SOC 2Compliant
ISO 27001ISO 27001Compliant
Get Security Done