ai-supply-chain-security

Malicious

Audited by VirusTotal on May 10, 2026.

Findings (1)

The bundle is a comprehensive security scanner designed to detect supply chain attacks, malicious AI assistant hooks (e.g., Claude Code, Cursor), and prompt injection. The core logic in 'ai_scanner.py' and 'auto_scanner.py' uses extensive regex-based rules and a database of known malicious packages to audit local project files for risks like typosquatting, dependency confusion, and dangerous lifecycle scripts. While the code contains many 'dangerous' patterns (e.g., 'curl | bash', 'rm -rf'), they are used strictly for detection purposes. No evidence of data exfiltration, unauthorized remote control, or malicious intent was found; the tool's behavior is entirely consistent with its stated purpose.