Run npm audit on any Node.js project and you'll get one of two things: a clean bill of health, or a list of known CVEs with suggested version bumps.
What you won't get: any signal about who can publish the packages you depend on.
The blind spot
npm audit checks an advisory database. If nobody has reported a vulnerability, your project is "clean." But the biggest npm attacks in 2026 didn't exploit known vulnerabilities — they exploited publisher access.
- axios (120M downloads/week) — one npm publisher. Token stolen March 30, 2026. Malicious version pushed to 97M+ dependents.
- litellm — one npm publisher. Supply chain attack, March 2026.
- Shai-Hulud worm (May 2026) — compromised a single npm account with access to 547 packages. 637 malicious versions published in 39 minutes.
All three passed npm audit before the attack happened. Of course they did — there was no CVE to find.
The 7 packages you almost certainly depend on
I checked the publisher counts for the most-downloaded packages in the npm registry. These 7 are in nearly every Node.js project's dependency tree, usually as transitive deps (check your lockfile):
| Package | Weekly Downloads | npm Publishers | Risk |
|---|---|---|---|
| minimatch | 648M | 1 | 🔴 CRITICAL |
| chalk | 445M | 1 | 🔴 CRITICAL |
| glob | 378M | 1 | 🔴 CRITICAL |
| cross-spawn | 223M | 1 | 🔴 CRITICAL |
| zod | 195M | 1 | 🔴 CRITICAL |
| lodash | 161M | 1 | 🔴 CRITICAL |
| axios | 120M | 1 | 🔴 CRITICAL |
Combined: 2.17 billion weekly downloads. All from packages where a single stolen npm token is enough to push a malicious release.
These aren't obscure packages. minimatch and glob are in every project that uses file matching — which includes most build tools. chalk is in everything that colors terminal output. cross-spawn is in anything that spawns a child process. You didn't install them — your dependencies did.
Publisher ≠ contributor
A common objection: "But chalk has hundreds of GitHub contributors!"
True, and it doesn't matter. GitHub contributors can't publish to npm. Only npm publishers can. And chalk has one.
zod is the same — 30+ GitHub contributors, 1 npm publisher. If that one person's npm token is phished, their 2FA is compromised, or their account is hijacked, nobody else can push a fix. The 30 contributors can open a PR. They can't publish.
This is the distinction npm audit doesn't make.
Check your own project (takes 5 seconds)
npx proof-of-commitment
Run it in any project directory. It auto-detects your lockfile (package-lock.json, yarn.lock, pnpm-lock.yaml) and scores every dependency by publisher concentration, release consistency, and age.
$ npx proof-of-commitment
Scoring 147 packages from package-lock.json... done in 4.2s
⚠ 12 CRITICAL packages found.
CRITICAL = sole npm publisher + >10M weekly downloads
Package Risk Score Publishers Downloads Age
chalk 🔴 CRITICAL 75 1 445M/wk 14.6y
minimatch 🔴 CRITICAL 78 1 648M/wk 14.9y
glob 🔴 CRITICAL 80 1 378M/wk 14.2y
...
Or audit specific packages:
npx proof-of-commitment axios zod chalk lodash
Or scan a lockfile and get JSON for tooling:
npx proof-of-commitment --file package-lock.json --json | jq '.criticalCount'
Add it to CI (one line)
# .github/workflows/supply-chain.yml
name: Supply Chain
on: [pull_request]
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npx -y proof-of-commitment --fail-on=critical
This fails the build if any dependency has CRITICAL publisher concentration. Not a CVE — a structural risk.
For PR comments and step summaries, there's a dedicated GitHub Action:
- uses: piiiico/commit-action@v1
with:
fail-on-critical: true
comment-on-pr: true
Block risky installs in your AI coding assistant
If you use Cursor, Claude Code, or Windsurf — your AI assistant installs packages without asking. The Shai-Hulud worm specifically targeted this: it planted persistence hooks in .claude/settings.json and .vscode/tasks.json.
npm install -g proof-of-commitment
poc hook
Installs a pre-install gate for all three editors. When your AI tries to npm install a CRITICAL package, it blocks and asks first.
What this isn't
This isn't a replacement for npm audit. Run both. npm audit catches known CVEs after they're reported. Publisher concentration scoring catches the structural risk before the attack — the same pattern that made axios, litellm, and the 637 Shai-Hulud packages exploitable.
Different attack surfaces, different tools.
The tool is proof-of-commitment on npm (1,600+ weekly downloads). Web version: getcommit.dev/audit — paste packages, get scores, no account needed.
Free API key (no card, 30 seconds): getcommit.dev/get-started — unlocks monitoring + alerts when a package you depend on degrades.
Top comments (0)