Catching the LiteLLM and Telnyx supply chain zero-days via semantic analysis

https://news.ycombinator.com/rss Hits: 1
Summary

Secure your dependencies with style 🛡️

Features:
- Multi-Ecosystem: supports npm (package.json) and Python (requirements.txt), with more coming soon
- Remote Repository Scanning: clone and scan any Git repository directly without manual setup
- Multiple Data Sources: queries OSV for comprehensive vulnerability coverage
- Provenance Verification: automatically checks for SLSA provenance attestations to verify package integrity
- Beautiful UI: colorful, emoji-rich terminal output with automatic light/dark mode detection
- CI/CD Ready: JSON output and exit codes make it perfect for automation pipelines
- Severity Filtering: filter vulnerabilities by severity level (CRITICAL, HIGH, MEDIUM, LOW)
- Recursive Scanning: automatically finds all dependency files in your project tree
- Fast & Efficient: parallel API requests and smart caching for quick scans
- Extensible: easy to add new data sources and package managers

Install globally:

    npm install -g who-touched-my-packages

Scan your project:

    wtmp

That's it! The tool will recursively scan your project and report any vulnerabilities 🎉

    🛡️ Who Touched My Packages?
    Scanning dependencies for vulnerabilities...
    ✔ Found 2 dependency file(s)
    ✔ Parsed 16 package(s)
    ════════════════════════════════════════════════════════════
    🛡️ Security Audit Summary
    ════════════════════════════════════════════════════════════
    Scanned Packages: 16
    Total Vulnerabilities: 3
    🔴 Critical: 1
    🟠 High: 2
    ════════════════════════════════════════════════════════════

Why Who Touched My Packages?
- Beautiful UX: security tools should be pleasant to use
- Multiple Sources: don't rely on a single vulnerability database
- Extensible: easy to add new data sources and package managers
- Fast: optimized for large monorepos
- Free: no API keys or paid plans required

First seen: 2026-03-29 17:56

Last seen: 2026-03-29 17:56