Member-only story
Claude Code Skill that audits your Code for Compromised Dependencies
Supply chain attacks have been hitting hard in 2026. Axios, LiteLLM, Trivy names you trust, packages you install without thinking. And that’s exactly the problem.
I built Supply Chain Guard, an Agent Skill for Claude Code that audits your project’s dependencies against a real-time database of known compromised packages, malicious versions, and active attack campaigns. You install it once, run one command, and get a full security report.
It’s free, open-source, and available right now on aitmpl.com.
Why this matters right now
If you’re a developer in 2026, you’ve probably heard about the TeamPCP campaign. It’s the most consequential CI/CD supply chain attack documented to date. Here’s what happened:
- March 19: Trivy (a security scanner used by thousands of CI/CD pipelines) was backdoored. 75 GitHub Action tags poisoned.
- March 20: The stolen CI/CD secrets were used to deploy CanisterWorm across 141+ npm packages.
- March 24: LiteLLM, with 95 million monthly downloads, had versions 1.82.7 and 1.82.8…