Documentation
¶
Overview ¶
Sandtrap — behavioral supply chain scanner for npm and PyPI packages.
It inspects package tarballs and registry metadata for the patterns used by real-world supply chain attacks (Shai-Hulud, Mini Shai-Hulud, axios compromise, etc.): install-script hooks, obfuscated payloads, credential harvesting and exfiltration primitives.
Click to show internal directories.
Click to hide internal directories.