Your earliest warning for supply chain threats
Aikido Intel is the real-time supply chain intelligence feed. We detect malware and vulnerabilities in open-source ecosystems within minutes.
Most Recent
Protect Developer Devices
from Supply Chain Attacks.
Block malicious packages, IDE extensions, browser plugins, and AI tools before install.
Latest Publications
Subscribe to hear about
critical security incidents
We'll send you updates on incidents as and when they happen
Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!
Three progressively compromised versions of a Microsoft-adjacent Python package deliver a full-featured infostealer that spreads through AWS and Kubernetes, exfiltrates every cloud credential it can find, and wipes disks on Israeli and Iranian systems
.png)
Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages
The Mini Shai-Hulud npm worm has hit Alibaba's @antv packages, echarts-for-react, and timeago.js. The payload steals CI/CD secrets, plants backdoors in VS Code and Claude Code, and spreads by republishing compromised packages. Here is what happened and how to protect your team.
Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack
Mini Shai-Hulud is back, compromising 169 npm packages across TanStack, UiPath, Squawk, and more to steal developer and CI/CD secrets, then spread through trusted publishing workflows.
Our Intel, Your Security
License the Intel Database
Use our threat intelligence to strengthen your internal security operations. Get access through our commercial API.
Protect Developer Devices
Block malicious packages, IDE extensions, browser plugins, and AI tools before install.
Secure Your Supply Chain
Secure third-party dependencies, identify real threats, remediate automatically with Aikido.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant