From d3f35592a7fe9662d227cd83eee510d3f6d30aee Mon Sep 17 00:00:00 2001 From: "Dr. Florian Steiner" <75360256+ProduktEntdecker@users.noreply.github.com> Date: Thu, 2 Apr 2026 19:26:43 +0200 Subject: [PATCH 1/5] docs: update README with supply chain protection features Add documentation for version quarantine (72h), new package detection (7d), and low download check (<100/week). Reference the Axios supply chain attack as motivation. Update decision logic table and limitations. Closes #17 Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 73366bb..f7fb449 100644 --- a/README.md +++ b/README.md 
@@ -5,23 +5,36 @@ [![license](https://img.shields.io/npm/l/patchpilot)](https://github.com/ProduktEntdecker/patchpilot-cli/blob/main/LICENSE) [![Node.js](https://img.shields.io/node/v/patchpilot)](https://nodejs.org) -Security scanner for vibe coders. Automatically checks npm, pip, and brew packages for vulnerabilities before Claude Code installs them. +Security scanner for vibe coders. Automatically checks npm, pip, and brew packages for vulnerabilities **and** supply chain risks before Claude Code installs them. ## How It Works -PatchPilot is a Claude Code **pre-execution hook** that intercepts install commands: +PatchPilot is a Claude Code **pre-execution hook** that intercepts install commands and runs two checks in parallel: ``` You: "install lodash for me" ↓ Claude: "npm install lodash@4.17.0" ↓ -PatchPilot: Checks OSV database +PatchPilot: ┌─ OSV database (known CVEs) + └─ Registry metadata (supply chain signals) ↓ BLOCKED: 4 vulnerabilities found (1 critical, 3 high) ``` -Uses the [OSV (Open Source Vulnerabilities)](https://osv.dev/) database - the same data source as `npm audit`. +### Supply Chain Protection + +After the [Axios supply chain attack](https://www.every.to/p/et-tu-agent-did-you-install-the-backdoor) (March 2026), where a hijacked maintainer account injected a brand-new malicious dependency, PatchPilot now detects: + +| Check | What it catches | Threshold | +|-------|----------------|-----------| +| **Version Quarantine** | Recently published versions — suggests previous stable release | < 72 hours old | +| **New Package Detection** | Brand-new packages with no history | < 7 days old | +| **Low Downloads** | Packages with no community adoption (npm only) | < 100/week | + +All three would have caught `plain-crypto-js`, the malicious package used in the Axios attack. + +Supply chain checks return `ask` (not `deny`) — you decide whether to proceed. CVE-based blocks remain automatic. ## Installation 
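Review bot: the sentence "All three would have caught `plain-crypto-js`" in this hunk asserts the result without the data behind it; put the package's publish date, version age and weekly download count beside the three thresholds (or link where those numbers come from) so a reader can verify the claim against the table. The `< 72 hours old` quarantine row also needs a caveat: it flags every fresh release, security patches included, so "suggests previous stable release" should say how a user accepts a reviewed new version rather than being steered back onto the release the patch fixed. Finally, the article link in this hunk is rewritten twice later in the series (patches 2/5 and 3/5); squashing those fixups here avoids landing a broken URL in history.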
@@ -103,17 +116,21 @@ NODE_ENV=production npm install evil-pkg ## Decision Logic -| Severity | Action | -|----------|--------| -| CRITICAL or HIGH | **Block** - requires manual approval | -| MODERATE or LOW | **Allow** - with warning message | -| None found | **Allow** | +| Source | Severity | Action | +|--------|----------|--------| +| **CVE** | CRITICAL or HIGH | **Block** — requires manual approval | +| **CVE** | MODERATE or LOW | **Allow** — with warning | +| **Supply Chain** | Version < 72h / New package / Low downloads | **Ask** — you decide | +| None found | — | **Allow** | + +Supply chain checks run in parallel with CVE checks (zero additional latency) and fail-open — if the registry is unreachable, installs proceed normally. ## Limitations - **Homebrew**: OSV has no vulnerability database for Homebrew packages. Brew commands are detected but not checked. - **Private registries**: Only public npm and PyPI packages are checked. -- **Offline**: Requires internet connection to query OSV API. +- **Offline**: Requires internet connection to query OSV API and package registries. +- **Zero-day CVEs**: Supply chain heuristics catch suspicious metadata patterns, but cannot detect all novel attack vectors. ## Development From 897c7ec5b0bf885e7294c98643a9064a29bf75ba Mon Sep 17 00:00:00 2001 From: "Dr. Florian Steiner" <75360256+ProduktEntdecker@users.noreply.github.com> Date: Thu, 2 Apr 2026 20:43:12 +0200 Subject: [PATCH 2/5] fix: correct article URL to a16z.news Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f7fb449..d948c8b 100644 --- a/README.md +++ b/README.md 
@@ -24,7 +24,7 @@ BLOCKED: 4 vulnerabilities found (1 critical, 3 high) ### Supply Chain Protection -After the [Axios supply chain attack](https://www.every.to/p/et-tu-agent-did-you-install-the-backdoor) (March 2026), where a hijacked maintainer account injected a brand-new malicious dependency, PatchPilot now detects: +After the [Axios supply chain attack](https://www.www.a16z.news/p/et-tu-agent-did-you-install-the-backdoor) (March 2026), where a hijacked maintainer account injected a brand-new malicious dependency, PatchPilot now detects: | Check | What it catches | Threshold | |-------|----------------|-----------| From d212d62affb0521219d4ee64d185955305208666 Mon Sep 17 00:00:00 2001 From: "Dr. Florian Steiner" <75360256+ProduktEntdecker@users.noreply.github.com> Date: Thu, 2 Apr 2026 20:44:04 +0200 Subject: [PATCH 3/5] fix: remove duplicate www prefix in article URL Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d948c8b..807c57a 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ BLOCKED: 4 vulnerabilities found (1 critical, 3 high) ### Supply Chain Protection -After the [Axios supply chain attack](https://www.www.a16z.news/p/et-tu-agent-did-you-install-the-backdoor) (March 2026), where a hijacked maintainer account injected a brand-new malicious dependency, PatchPilot now detects: +After the [Axios supply chain attack](https://www.a16z.news/p/et-tu-agent-did-you-install-the-backdoor) (March 2026), where a hijacked maintainer account injected a brand-new malicious dependency, PatchPilot now detects: | Check | What it catches | Threshold | |-------|----------------|-----------| From 133e5c84d9afcc44624cbd75f87543f64950d958 Mon Sep 17 00:00:00 2001 
From: "Dr. Florian Steiner" <75360256+ProduktEntdecker@users.noreply.github.com> Date: Thu, 2 Apr 2026 21:14:14 +0200 Subject: [PATCH 4/5] =?UTF-8?q?fix:=20address=20CodeRabbit=20review=20?= =?UTF-8?q?=E2=80=94=20code=20fence=20language,=20MODERATE=20decision?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add language tag to fenced code block (MD040) - Fix decision table: MODERATE → ask (not allow), matches decision.ts - Note: 7-day threshold for new package detection is correct per code Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 807c57a..35d86cc 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Security scanner for vibe coders. Automatically checks npm, pip, and brew packag PatchPilot is a Claude Code **pre-execution hook** that intercepts install commands and runs two checks in parallel: -``` +```text You: "install lodash for me" ↓ Claude: "npm install lodash@4.17.0" @@ -119,7 +119,8 @@ NODE_ENV=production npm install evil-pkg | Source | Severity | Action | |--------|----------|--------| | **CVE** | CRITICAL or HIGH | **Block** — requires manual approval | -| **CVE** | MODERATE or LOW | **Allow** — with warning | +| **CVE** | MODERATE | **Ask** — you decide | +| **CVE** | LOW | **Allow** — with warning | | **Supply Chain** | Version < 72h / New package / Low downloads | **Ask** — you decide | | None found | — | **Allow** | From 6b65a4ae5d4ecd00c513ef4e4aa4b39920133bea Mon Sep 17 00:00:00 2001 From: "Dr. Florian Steiner" <75360256+ProduktEntdecker@users.noreply.github.com> Date: Thu, 2 Apr 2026 21:23:19 +0200 Subject: [PATCH 5/5] fix: replace 'zero additional latency' with 'low added latency' Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 35d86cc..4d5f97d 100644 --- a/README.md +++ b/README.md 
@@ -124,7 +124,7 @@ NODE_ENV=production npm install evil-pkg | **Supply Chain** | Version < 72h / New package / Low downloads | **Ask** — you decide | | None found | — | **Allow** | -Supply chain checks run in parallel with CVE checks (zero additional latency) and fail-open — if the registry is unreachable, installs proceed normally. +Supply chain checks run in parallel with CVE checks (low added latency) and fail-open — if the registry is unreachable, installs proceed normally. ## Limitations
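Review bot: in the Decision Logic hunk of patch 1/5, the `MODERATE or LOW | **Allow**` row does not match the implementation; patch 4/5 in this same series moves MODERATE to `Ask` "matches decision.ts", so that correction belongs in this commit rather than a follow-up. The fail-open sentence in the same hunk needs one more clause: say whether an unreachable registry is surfaced to the user (a warning line in the hook output) or passes silently, because "installs proceed normally" otherwise reads as "the supply-chain checks are skipped on any network error without anyone noticing". The table above also marks Low Downloads as npm only, so the Limitations list in this hunk should add that PyPI packages receive no download-based signal.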
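Review bot: the replacement URL in patch 2/5 carries a doubled prefix (`https://www.www.a16z.news/...`), which patch 3/5 immediately corrects; squash 2/5 and 3/5 (or fold both into 1/5) so no revision in the history points at a broken link.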
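Review bot: patch 4/5's decision-table hunk correctly splits MODERATE (`Ask`) from LOW (`Allow`), but the "Supply Chain Protection" prose added in patch 1/5 still contrasts only `ask` against `deny` ("Supply chain checks return `ask` (not `deny`) ... CVE-based blocks remain automatic"); add a sentence there that MODERATE CVEs also prompt, so the prose and the table describe the same three outcomes. The commit body's "Note: 7-day threshold for new package detection is correct per code" records a review decision with no matching diff line; that belongs in the PR discussion rather than the commit message.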
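Review bot: "low added latency" in patch 5/5 is more honest than "zero", but still unquantified; because the checks fail open, the registry lookup must be bounded by a timeout, and the README should state that bound (and whether it is configurable) so users know both the worst-case delay and the point at which the supply-chain check gives up and lets the install through.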