Newsroom
Package Ninja tracks real software supply chain incidents and translates them into operator-useful controls. Each briefing explains what happened, what the blast radius looked like, and what policy or runtime guard would have reduced the damage.
Artifact exposure March 31, 2026
The Anthropic Claude Code Source Map Exposure
Anthropic shipped a source map with @anthropic-ai/claude-code, turning a normal npm publish into an AI product-intelligence exposure.
Maintainer compromise March 31, 2026
The Axios npm Supply Chain Compromise
A trusted HTTP client became a distribution channel after a maintainer account was compromised and malicious Axios versions were published to npm.
Credential theft March 26, 2026
The LiteLLM PyPI Credential Theft Incident
A popular AI infrastructure package was poisoned on PyPI to harvest cloud tokens, SSH keys, Kubernetes credentials, and CI/CD secrets.
Publications
Search by package name, incident type, or response theme. These entries are structured to read cleanly for operators and to cite cleanly for retrieval systems.
The Anthropic Claude Code Source Map Exposure
Anthropic shipped a source map with @anthropic-ai/claude-code, turning a normal npm publish into an AI product-intelligence exposure.
The Axios npm Supply Chain Compromise
A trusted HTTP client became a distribution channel after a maintainer account was compromised and malicious Axios versions were published to npm.
The LiteLLM PyPI Credential Theft Incident
A popular AI infrastructure package was poisoned on PyPI to harvest cloud tokens, SSH keys, Kubernetes credentials, and CI/CD secrets.