DNSZLSK

I built a free npm/PyPI supply chain scanner - looking for testers

I built MUAD'DIB to catch supply chain attacks before they hit your project. It runs 24/7 on a 4€/month VPS, scanning every new npm and PyPI package published worldwide. It's free, open source, and I'm looking for feedback.

What it does

MUAD'DIB scans npm and PyPI packages for signs of malicious code. Not just known bad packages - it actually reads the code, runs it in an isolated sandbox, and looks for suspicious behavior.

14 detection engines + dynamic sandbox:

  • AST analysis - parses JavaScript with Acorn and flags dangerous patterns (eval with dynamic args, child_process spawning, credential access)
  • Dataflow tracking - connects the dots between reading a sensitive file and sending it over HTTP
  • Shell pattern detection - catches curl | sh, reverse shells, and destructive commands in npm scripts
  • Typosquatting - flags dependencies that look like popular packages (Levenshtein distance)
  • Obfuscation detection - spots hex encoding, single-char variables, _0x patterns, base64+eval
  • Entropy analysis - detects encoded/encrypted payloads
  • IOC matching - compares against 225,000+ npm and 14,000+ PyPI known malicious packages
  • Hash verification - SHA-256 matching against known malware files
  • Package metadata - analyzes package.json for suspicious lifecycle scripts
  • GitHub Actions - detects injection vulnerabilities in workflow files
  • AI config injection - detects prompt injection in .cursorrules, CLAUDE.md, copilot-instructions.md
  • Temporal analysis - detects sudden dangerous API additions between versions
  • Maintainer analysis - flags suspicious maintainer changes (account takeover)
  • Publish anomaly - detects burst publishing, dormant package spikes (compromised accounts)
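One way to implement the typosquatting check from the list above, shown as an added example rather than MUAD'DIB's own code. The `POPULAR` sample list, the distance thresholds and the `allow` parameter are assumptions made for illustration.

```javascript
// Constructed sample list; a real scanner would load thousands of popular names.
const POPULAR = ['lodash', 'express', 'react', 'axios', 'chalk', 'request', 'commander'];

// Levenshtein distance with two rolling rows (insert, delete, substitute = cost 1).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Separator tricks (lo-dash, lo_dash) should compare equal to the real name.
const normalize = (name) => name.toLowerCase().replace(/[-_.]/g, '');

// dependencies: the "dependencies" object from package.json.
// allow: names already reviewed and accepted (preact is one edit away from react).
function findTyposquats(dependencies, popular = POPULAR, allow = []) {
  const skip = new Set([...popular, ...allow]);
  const findings = [];
  for (const dep of Object.keys(dependencies)) {
    if (skip.has(dep)) continue; // exact popular name or reviewed exception
    for (const target of popular) {
      const t = normalize(target);
      const maxDistance = t.length <= 4 ? 1 : 2; // short names collide too easily
      const distance = levenshtein(normalize(dep), t);
      if (distance <= maxDistance) {
        findings.push({ dependency: dep, lookalike: target, distance });
        break;
      }
    }
  }
  return findings;
}
```

Legitimate near-neighbours such as `preact` are flagged until they are added to `allow`, which is the kind of false positive a distance-only check produces.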

Docker sandbox with behavioral analysis:

  • Executes packages in an isolated container (cap-drop, read-only, memory/cpu limits)
  • Captures network traffic (DNS, HTTP, TLS) via tcpdump
  • Traces system calls via strace
  • Canary tokens - injects fake AWS keys, GitHub tokens, npm tokens as honeypots. If the malware tries to exfiltrate them → instant detection, no false positive possible
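The canary-token check described above, sketched as an added example (not MUAD'DIB's own code): it generates fake credentials for one sandbox run and searches captured output for them, including base64- and hex-encoded copies. The function names, token shapes and the sample capture are constructed for illustration.

```javascript
const crypto = require('crypto');

// Fresh canaries per sandbox run. The prefixes imitate real token shapes; the
// random bodies are generated here and are not valid credentials anywhere.
function makeCanaries() {
  const body = (bytes) => crypto.randomBytes(bytes).toString('hex');
  return {
    AWS_ACCESS_KEY_ID: 'AKIA' + body(8).toUpperCase(),
    GITHUB_TOKEN: 'ghp_' + body(18),
    NPM_TOKEN: 'npm_' + body(18),
  };
}

// Decode every long run matching runPattern at each possible alignment,
// so a token buried inside a larger encoded blob is still recovered.
function decodedViews(capture, runPattern, encoding, unit) {
  const views = [];
  for (const run of capture.match(runPattern) || []) {
    for (let off = 0; off < unit; off++) {
      views.push({ encoding, text: Buffer.from(run.slice(off), encoding).toString('latin1') });
    }
  }
  return views;
}

// capture: text captured from the sandbox (strace or tcpdump output as a string).
function findLeaks(canaries, capture) {
  const views = [
    { encoding: 'raw', text: capture },
    ...decodedViews(capture, /[A-Za-z0-9+/]{16,}/g, 'base64', 4),
    ...decodedViews(capture, /[0-9a-fA-F]{16,}/g, 'hex', 2),
  ];
  const leaks = [];
  for (const [name, value] of Object.entries(canaries)) {
    const hit = views.find((v) => v.text.includes(value));
    if (hit) leaks.push({ name, encoding: hit.encoding });
  }
  return leaks;
}

// Constructed capture: one token sent raw, one inside base64-encoded JSON.
function demo() {
  const c = makeCanaries();
  const blob = Buffer.from(JSON.stringify({ t: c.NPM_TOKEN })).toString('base64');
  const capture = `write(5, "GET /c?k=${c.GITHUB_TOKEN} HTTP/1.1")\nwrite(5, "d=${blob}")`;
  return findLeaks(c, capture);
}
```

The matcher needs plaintext, so feed it data captured before encryption (for example execve arguments and file writes from strace) as well as the packet capture.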

Real-time monitoring

I run MUAD'DIB 24/7 on a VPS. It polls npm and PyPI registries every 60 seconds and scans every new package published worldwide.

The flow:

  1. New package appears on npm/PyPI RSS feed
  2. Static analysis (14 scanners) → if HIGH/CRITICAL findings
  3. Automatic Docker sandbox with canary tokens
  4. If sandbox confirms malicious behavior → instant Discord alert
  5. If sandbox is clean → marked as false positive, no alert

96,000+ packages scanned since launch. Daily reports at 08:00 Paris time.

Quick demo

npx muaddib-scanner scan .

That's it. No account, no API key, no quota.

You get a risk score from 0 to 100, a threat breakdown, and response playbooks telling you what to do if something is flagged.

[SCORE] 78/100 [████████████████░░░░] CRITICAL

  1. [CRITICAL] suspicious_dataflow
     Credentials read (GITHUB_TOKEN) + network send (fetch)
     File: node_modules/evil-pkg/index.js
     → CRITICAL: Code reads credentials and sends them over network.
       Isolate machine, regenerate all secrets.

How to use it

CLI:

npm install -g muaddib-scanner
muaddib scan ./my-project
muaddib scan ./my-project --sandbox  # run in Docker sandbox
muaddib scan ./my-project --json     # machine-readable output
muaddib scan ./my-project --sarif    # for GitHub Code Scanning
muaddib scan ./my-project --paranoid # ultra-strict mode

Safe install (scans before installing):

muaddib install some-package

Version diff (compare two versions):

muaddib diff lodash 4.17.20 4.17.21

Update IOC database:

muaddib update

GitHub Action:

- uses: DNSZLSK/muad-dib@master
  with:
    scan_path: '.'
    fail_on: 'high'

VS Code extension: search "MUAD'DIB" in the marketplace.

What I'm looking for

I've tested MUAD'DIB against 51 real-world malware samples (event-stream, ua-parser-js, coa, colors, Shai-Hulud, and more) with a 91.8% detection rate. 100% on 78 adversarial test cases. But I need people to run it on real projects and tell me:

  1. False positives - did it flag something legitimate? What was it?
  2. Missed threats - did you find something suspicious that MUAD'DIB didn't catch?
  3. Evasion techniques - can you write a malicious package that bypasses detection?
  4. Performance - how long did it take on large projects? Any hangs?

If you find something, open an issue on GitHub or drop a comment here.

The numbers

| Metric | Value |
| --- | --- |
| Detection engines | 14 + Docker sandbox |
| npm IOCs | 225,000+ |
| PyPI IOCs | 14,000+ |
| Detection rules | 94 |
| Unit tests | 862 |
| Ground truth samples | 51 real-world malware |
| True positive rate | 91.8% (45/49) |
| Adversarial detection | 100% (78/78) |
| False positive rate | ~13% (working on it) |
| Packages scanned (monitoring) | 96,000+ |
| Price | Free forever |

Transparency

The code was written with Claude (Anthropic). I directed the architecture, made design decisions, did testing and security audits, but the actual code was generated by AI. I prefer to be upfront about that.

I'm in career transition (former plumber/chef), currently in software development training in France, looking for an internship May-July 2026 in cybersecurity or development.

Why not just use Snyk/Socket?

You should, they're professional tools with dedicated security teams. MUAD'DIB is a personal project, not comparable.

What MUAD'DIB offers:

  • No account, no API key
  • Open source and auditable
  • Docker sandbox with canary tokens
  • 24/7 real-time monitoring capability
  • Free

Top comments (1)

👾 FrancisTRᴅᴇᴠ 👾

This is actually quite useful, especially for devs installing packages and not knowing if there is any backdoor and such. Great work!