A new open-source tool, npm-scan, is pitched at a 2026 wave of supply-chain attacks aimed squarely at AI developers, including malware that harvests Claude, OpenAI, Cursor and Mistral API keys straight from a machine.

The project's own comparison table claims it flags behaviours that signature-based scanners score zero on: eBPF kernel rootkits, memory-level credential extraction, and GitHub author spoofing that forges commits as "[email protected]" to pass as agent-written code. The argument is structural. npm audit checks CVE databases and Snyk scans dependency versions, but neither watches what a package actually does when it loads.

Those detection rates are the vendor's own and untested by outsiders, so treat them as a claim, not a benchmark. The threat model, though, is not hypothetical: recent weeks brought reports of thousands of trojaned GitHub repositories and poisoned packages, several engineered specifically to slip past the AI tools now writing much of the code.
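The author spoofing mentioned above works because a Git commit's author name and email are plain metadata fields set by whoever creates the commit. As an added example (not npm-scan's code), this sketch reads the output of `git log --format='%H%x09%ae%x09%G?'` and flags commits that claim an agent identity without a good signature; the watch-list address and the sample log are constructed placeholders.

```python
# Added example, not from npm-scan: flag commits that claim an "agent"
# author identity but carry no good signature.
# Expected input is the output of:
#   git log --format='%H%x09%ae%x09%G?'
# %ae is the author email (free text chosen by the committer).
# %G? is git's signature status: G good, U good with unknown validity,
# N none, B bad, E cannot be checked, X/Y/R expired or revoked.

# Hypothetical watch list of identities treated as agent-written.
AGENT_EMAILS = {"agent@example.invalid"}

# Only a good signature from a key git trusts locally counts as proof.
TRUSTED_STATUSES = {"G"}


def find_unverified_agent_commits(log_text, agent_emails=AGENT_EMAILS):
    """Return (commit, status) pairs where an agent email is unproven."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split("\t")
        if len(parts) != 3:
            # Report malformed rows instead of silently skipping them.
            findings.append((line, "unparseable"))
            continue
        commit, email, status = parts
        claimed_agent = email.strip().lower() in agent_emails
        if claimed_agent and status not in TRUSTED_STATUSES:
            findings.append((commit, status))
    return findings


# Constructed sample log (tab-separated), not real repository data.
SAMPLE_LOG = (
    "1111111\tagent@example.invalid\tG\n"
    "2222222\tagent@example.invalid\tN\n"
    "3333333\tdev@example.invalid\tN\n"
    "4444444\tAgent@Example.invalid\tB\n"
)

if __name__ == "__main__":
    for commit, status in find_unverified_agent_commits(SAMPLE_LOG):
        print(f"{commit}: agent author claimed, signature status {status}")
```

The `G` status depends on which keys the local Git configuration trusts, so run the check on a machine that holds the expected signing keys.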