OSPulse

Supply chain attacks
caught before they hit you.

OSPulse's Supply Chain Compromise Intelligence monitors real-world attack feeds and detects the attack patterns that CVE databases miss — often months before a CVE is published.

These attacks happened. More are happening now.

Every example below is a documented, real-world supply chain attack. None of them were caught by traditional CVE scanners at the time of the attack.

Account Takeover

Critical

ua-parser-js (Oct 2021) — 8M weekly downloads, backdoor installed via hijacked npm account

How OSPulse detects this

OSPulse detects sudden ownership changes, suspicious new maintainer accounts, and unusual publish patterns that deviate from historical behaviour.

Malicious Code Injection

Critical

event-stream (Nov 2018) — malicious dependency added by new maintainer, 2M weekly downloads

How OSPulse detects this

OSPulse flags unexpected dependency additions in patch releases, new maintainers publishing to high-download packages, and packages appearing in active malware feeds.

Domain Hijacking

Critical

polyfill.io (Jun 2024) — domain sold, new owner serving malicious scripts to 100,000+ websites

How OSPulse detects this

OSPulse monitors domain ownership signals and registry metadata for packages that load code from external domains, and alerts when the ownership of those domains changes.

Supply Chain Backdoor

Critical

xz-utils (Mar 2024) — CVE-2024-3094, nation-state actor, compromised SSH on millions of Linux installs

How OSPulse detects this

OSPulse tracks contributor patterns, flags new contributors making high-impact changes to critical packages, and correlates with breach feeds across OSV, GitHub Security Advisories, and CISA KEV.

Intentional Sabotage

High

colors.js / faker.js (Jan 2022) — author introduced infinite loop, affecting thousands of dependent packages

How OSPulse detects this

OSPulse detects sudden behavioural changes in maintainer activity, flags unusual commits that match known sabotage patterns, and monitors packages for regression signals across the dependency graph.

Dependency Confusion

High

Multiple financial and tech companies — internal package names squatted on public registries (Alex Birsan, Feb 2021)

How OSPulse detects this

OSPulse detects when internal package names are published to public registries and alerts engineering teams before the confused dependency is installed.

Typosquatting

High

Thousands of packages — crypto-stealers published as 'lodash', 'requst', 'expres' and similar

How OSPulse detects this

OSPulse performs edit-distance analysis across your dependency names and flags packages in your lock files that closely match popular packages but have suspicious differences.

10+ threat intelligence sources. One feed.

OSPulse aggregates and cross-references multiple intelligence sources against your actual dependency tree.

OSV.dev

Open Source Vulnerabilities database — covers npm, PyPI, Maven, Go, Cargo, and more

GitHub Advisory Database

Curated security advisories from GitHub, covering all major ecosystems

CISA KEV

CISA Known Exploited Vulnerabilities catalogue — actively exploited in the wild

npm Security Advisories

Registry-level malware and security reports from npm, Inc.

PyPI Malware Reports

Community-reported malware packages removed from PyPI

Socket.dev Threat Feed

Real-time supply chain attack detection — typosquatting, malicious packages, hijacks

Sonatype Intelligence

Deep package behavioural analysis and known bad actor tracking

NVD / NIST

National Vulnerability Database — comprehensive CVE metadata and CVSS scoring

Reversing Labs Feed

Binary-level malware detection for published packages

Custom threat feeds

Enterprise plans support private and custom threat intelligence feed ingestion

Blast radius analysis

When a compromise is detected, OSPulse immediately maps which of your applications are exposed — direct and transitive — and generates an automated response playbook.

01

Breach detected

A package appears in a live threat feed or displays a known compromise pattern.

02

Dependency graph traversal

OSPulse traverses your full dependency graph to find every affected repository, direct or transitive.

03

Blast radius mapped

Every affected application, team, and business criticality level is shown immediately with exposure depth.

04

Playbook generated

OSPulse recommends: pin to last safe version, open ticket, block CI, generate incident report — all one click.
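The four steps above (compromise signal, reverse traversal of the dependency graph, blast radius with exposure depth and criticality, playbook with a pin-to-last-safe-version action) carried through as one added example. This is illustrative code written for this page, not OSPulse's implementation; the dependency graph, the application criticality ratings and the version history are all constructed, and the version comparison assumes plain dotted integers rather than full semver.

```python
from collections import deque

# Constructed dependency graph: each key lists what it depends on directly.
# Application nodes ("app-*") are the roots; everything else is a package.
DEPENDENCY_EDGES = {
    "app-payments": ["express", "request"],
    "app-web": ["react", "ui-kit"],
    "app-batch": ["lodash"],
    "ui-kit": ["lodash", "react"],
    "express": ["qs", "debug"],
    "request": ["qs", "tough-cookie"],
    "react": [], "lodash": [], "qs": [], "debug": [], "tough-cookie": [],
}
# Constructed business criticality per application.
APPLICATIONS = {"app-payments": "critical", "app-web": "high", "app-batch": "low"}
# Constructed publish history for the hypothetical compromised package.
PUBLISHED_VERSIONS = {"qs": ["0.6.4", "0.6.5", "0.7.0", "0.7.1"]}


def reverse_edges(edges):
    """Invert 'X depends on Y' into 'Y is depended on by X'."""
    dependents = {node: [] for node in edges}
    for node, deps in edges.items():
        for dep in deps:
            dependents.setdefault(dep, []).append(node)
    return dependents


def blast_radius(edges, applications, compromised):
    """Breadth-first walk from the compromised package up through its
    dependents. Returns {app: {"depth", "path", "criticality"}} where depth 1
    is a direct dependency and path runs from the app down to the package.
    BFS guarantees the recorded depth is the shortest exposure path."""
    dependents = reverse_edges(edges)
    seen = {compromised}
    queue = deque([(compromised, [compromised])])
    exposed = {}
    while queue:
        node, path = queue.popleft()
        if node in applications:
            exposed[node] = {"depth": len(path) - 1,
                             "path": list(reversed(path)),
                             "criticality": applications[node]}
        for parent in dependents.get(node, []):
            if parent not in seen:
                seen.add(parent)
                queue.append((parent, path + [parent]))
    return exposed


def parse_version(v):
    # Assumption: plain dotted integers. Real registries need a semver parser.
    return tuple(int(part) for part in v.split("."))


def last_safe_version(published, compromised_versions):
    """Highest published version older than every compromised version."""
    earliest_bad = min(parse_version(v) for v in compromised_versions)
    candidates = [v for v in published if parse_version(v) < earliest_bad]
    return max(candidates, key=parse_version) if candidates else None


def playbook(edges, applications, compromised, compromised_versions, published):
    """Step 4: one action record per exposed application, most critical first."""
    exposed = blast_radius(edges, applications, compromised)
    safe = last_safe_version(published, compromised_versions)
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    actions = []
    for app, info in sorted(exposed.items(),
                            key=lambda kv: (rank.get(kv[1]["criticality"], 9), kv[0])):
        actions.append({
            "application": app,
            "criticality": info["criticality"],
            "exposure_depth": info["depth"],
            "path": " -> ".join(info["path"]),
            "pin_to": f"{compromised}@{safe}" if safe else None,
            "steps": ["open ticket",
                      "block CI builds resolving the compromised version",
                      "generate incident report"],
        })
    return actions


if __name__ == "__main__":
    # Step 1 is simulated: a feed reports qs 0.7.1 as compromised.
    for action in playbook(DEPENDENCY_EDGES, APPLICATIONS, "qs", ["0.7.1"],
                           PUBLISHED_VERSIONS["qs"]):
        print(action)
```

Two points worth noting for anyone adapting this: the traversal records the first (shortest) path to each application, so an app that reaches the package both directly and transitively is reported at depth 1; and "last safe version" is computed as the newest release older than the earliest compromised one, which is the conservative reading when several versions are implicated.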

See it in action

Request early access and we'll walk you through how OSPulse would have detected the attacks above using your own dependency estate.
