security-autopilot 0.1.0__tar.gz

security_autopilot-0.1.0/.claude/settings.local.json

@@ -0,0 +1,25 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(gh repo:*)",
+      "Bash(open:*)",
+      "Bash(git add:*)",
+      "Bash(git commit -m ':*)",
+      "Bash(git push:*)",
+      "Bash(bash -n install.sh)",
+      "Bash(chmod +x install.sh)",
+      "Bash(gh pr:*)",
+      "Bash(git checkout:*)",
+      "Bash(git cherry-pick:*)",
+      "Bash(git pull:*)",
+      "Bash(uv run:*)",
+      "Bash(bash -n /Users/dahleh/Desktop/projects/security-autopilot/install.sh)",
+      "Bash(gh api:*)",
+      "Bash(git rm:*)",
+      "Bash(xargs -I{} gh api --method PATCH repos/Omar-Dahleh/security-autopilot/dependabot/alerts/{} -f state=dismissed -f dismissed_reason=tolerable_risk -f dismissed_comment=\"Demo files removed from repo\")",
+      "Bash(curl -s https://pypi.org/pypi/security-autopilot/json)",
+      "Bash(python3 -c \"import sys,json; d=json.load\\(sys.stdin\\); print\\('TAKEN — version', d['info']['version']\\)\")",
+      "Bash(uv build:*)"
+    ]
+  }
+}

security_autopilot-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          version: "latest"
+
+      - name: Set up Python
+        run: uv python install 3.11
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Run tests
+        run: uv run pytest tests/ -v

security_autopilot-0.1.0/.gitignore

@@ -0,0 +1,5 @@
+__pycache__/
+*.pyc
+.venv/
+*.db
+.env

security_autopilot-0.1.0/CLAUDE.md

@@ -0,0 +1,150 @@
+# Security Autopilot
+
+MCP server that gives Claude Code native security scanning by wrapping four
+tools — Trivy, Gitleaks, Semgrep, and a custom supply chain checker — and
+exposing them as MCP tools. Users install via a one-liner (`install.sh`);
+Claude Code then calls `scan_repo`, `scan_file`, `get_findings`, or
+`watch_project` directly from the chat prompt.
+
+---
+
+## Commands
+
+```bash
+uv run pytest tests/ -v          # run all tests
+python -m mcp_server.server      # start MCP server (stdio)
+uv tool install security-autopilot  # install as CLI tool
+```
+
+---
+
+## File map (every file, one line)
+
+```
+install.sh                          one-liner installer hosted at get.securityautopilot.dev
+docs/index.html                     minimal dark landing page (pure HTML, no framework)
+schemas/finding.json                JSON Schema for a single finding — all scanners must conform
+pyproject.toml                      package config; entry point: mcp_server.server:main
+
+mcp_server/server.py                MCP tool definitions + dispatch; calls telemetry on startup
+mcp_server/aggregator.py            SQLite cache at ~/.security-autopilot/findings.db
+mcp_server/telemetry.py             opt-in anonymous usage pings via PostHog HTTP API (stdlib only)
+mcp_server/__main__.py              allows `python -m mcp_server.server`
+
+mcp_server/tools/scan_repo.py       orchestrates all 4 scanners in parallel via asyncio.gather
+mcp_server/tools/supply_chain.py    core scanner: KNOWN_BAD list, lifecycle scripts, maintainer hijacks
+mcp_server/tools/trivy.py           CVE scanner — shells out to trivy CLI
+mcp_server/tools/gitleaks.py        secret detection — shells out to gitleaks CLI
+mcp_server/tools/semgrep.py         SAST — shells out to semgrep CLI
+mcp_server/tools/installer.py       auto-installs trivy/gitleaks/semgrep if missing (macOS + Linux)
+
+daemon/watcher.py                   watchdog daemon; re-scans on manifest file changes; sends desktop notifications
+daemon/scheduler.py                 auto-detects new projects in ~/projects, ~/code, ~/Desktop/projects
+
+tests/test_supply_chain.py          unit tests for supply chain scanner (axios attack fixture)
+tests/test_integration.py           integration tests for scan_repo end-to-end
+tests/fixtures/axios_attack/        package.json pinned to axios@1.14.1 (known-bad)
+```
+
+---
+
+## Unified finding schema
+
+Every scanner must return a `list[dict]` where each dict conforms to
+`schemas/finding.json`. Deviations will fail aggregator validation.
+
+```json
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "SecurityFinding",
+  "type": "object",
+  "required": ["id", "scanner", "severity", "title", "description", "remediation"],
+  "properties": {
+    "id":          { "type": "string", "format": "uuid" },
+    "scanner":     { "type": "string", "enum": ["supply_chain", "trivy", "gitleaks", "semgrep"] },
+    "severity":    { "type": "string", "enum": ["critical", "high", "medium", "low", "info"] },
+    "title":       { "type": "string" },
+    "description": { "type": "string" },
+    "file":        { "type": ["string", "null"] },
+    "line":        { "type": ["integer", "null"] },
+    "remediation": { "type": "string" },
+    "references":  { "type": "array", "items": { "type": "string" } }
+  }
+}
+```
+
+**Severity values:** `critical | high | medium | low | info`
+**Rule:** if the CLI tool is not installed, return one `info` finding —
+never raise an exception.
+
+---
+
+## Known-bad versions list
+
+`mcp_server/tools/supply_chain.py` → `KNOWN_BAD` list at the top of the file.
+
+```python
+KNOWN_BAD: list[dict[str, str]] = [
+    {"name": "axios",           "version": "1.14.1", "reason": "supply chain RAT March 2026 — postinstall dropper"},
+    {"name": "axios",           "version": "0.30.4", "reason": "supply chain RAT March 2026 — postinstall dropper"},
+    {"name": "plain-crypto-js", "version": "4.2.1",  "reason": "axios attack dropper — remote access trojan"},
+]
+```
+
+Add new entries as `{"name": "pkg", "version": "x.y.z", "reason": "..."}`.
+
+---
+
+## Adding a new scanner
+
+1. Create `mcp_server/tools/my_scanner.py`
+2. Implement `async def scan(project_path: str) -> list[dict]`
+3. Each finding must conform to the schema above
+4. Return an `info` finding (not a crash) if the CLI tool is not installed
+5. Add to `_SCANNER_MAP` in `scan_repo.py`
+6. Register the new scanner name in `schemas/finding.json` → `scanner.enum`
+7. Add tests in `tests/`
+
+---
+
+## Coding rules
+
+- **Async only** — all scanner functions are `async def`; no blocking I/O on
+  the event loop. Shell out with `asyncio.create_subprocess_exec`, not
+  `subprocess.run`.
+- **Graceful degradation** — a missing CLI tool, network timeout, or parse
+  error must never crash the server. Return an `info` finding with a clear
+  message; log the exception to stderr.
+- **Idempotency** — `install.sh` and the claude.json patch are safe to run
+  multiple times without side effects.
+- **No new dependencies for telemetry** — `telemetry.py` uses stdlib `urllib`
+  only. Do not add the PostHog SDK.
+- **Test coverage** — every scanner needs at minimum: (a) a happy-path test
+  with a real fixture, (b) a test for the "tool not installed" info-finding
+  path. Integration tests live in `test_integration.py`.
+
+---
+
+## Current status
+
+### Built
+- MCP server with four tools: `scan_repo`, `scan_file`, `get_findings`, `watch_project`
+- Supply chain scanner with KNOWN_BAD blocklist, lifecycle script detection, maintainer hijack heuristics
+- Trivy, Gitleaks, Semgrep wrappers that shell out to CLI tools
+- Auto-installer (`installer.py`) for missing CLI tools — macOS (brew) + Linux (curl)
+- SQLite findings cache via `aggregator.py`
+- Background file watcher (`daemon/watcher.py`) + project auto-detector (`daemon/scheduler.py`)
+- Opt-in anonymous telemetry (`telemetry.py`) — PostHog, no SDK, prompted on first run
+- `install.sh` one-liner for end users
+- `docs/index.html` minimal landing page
+
+### PostHog key not yet configured
+`mcp_server/telemetry.py` line 17 and `docs/index.html` line 9 both contain
+`YOUR_POSTHOG_KEY` — replace with the real `phc_...` key once the account is created.
+
+### What's next (known gaps)
+- No CLI beyond the MCP server — `security-autopilot daemon start` does not exist
+- `daemon/scheduler.py` has no entry point wired to `server.py`
+- No PyPI publish yet (`uv tool install security-autopilot` will fail until published)
+- GitHub Actions CI (`ci.yml`) — verify it passes on push
+- `install.sh` tested locally but not yet on a clean Ubuntu 22 VM

security_autopilot-0.1.0/PKG-INFO

@@ -0,0 +1,235 @@
+Metadata-Version: 2.4
+Name: security-autopilot
+Version: 0.1.0
+Summary: MCP server giving Claude Code native security scanning superpowers
+License: MIT
+Requires-Python: >=3.11
+Requires-Dist: aiosqlite>=0.20.0
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: mcp>=1.0.0
+Requires-Dist: pydantic>=2.0.0
+Requires-Dist: watchdog>=4.0.0
+Provides-Extra: dev
+Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
+Requires-Dist: pytest>=8.0.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+<div align="center">
+
+# 🛡️ Security Autopilot
+
+### The security scanner that works *while you code* — not after you ship.
+
+[![Tests](https://img.shields.io/badge/tests-10%20passing-brightgreen)](tests/)
+[![Python](https://img.shields.io/badge/python-3.11%2B-blue)](pyproject.toml)
+[![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
+[![MCP](https://img.shields.io/badge/MCP-compatible-purple)](https://modelcontextprotocol.io)
+
+</div>
+
+---
+
+## The Problem
+
+On **March 30, 2026**, two malicious versions of `axios` — one of the most downloaded npm packages on the planet — were quietly published to npm.
+
+They contained **zero suspicious code inside axios itself**. Any developer who inspected the source would have found nothing wrong.
+
+Instead, they silently injected a fake dependency called `plain-crypto-js` that ran a **postinstall script the moment you ran `npm install`**. That script phoned home to a command-and-control server and dropped a remote access trojan tailored to your OS.
+
+After delivering the payload, it deleted itself and swapped its own `package.json` for a clean decoy. **No trace. No warning. No audit trail.**
+
+`npm audit` reported nothing. GitHub Dependabot reported nothing. Standard code review caught nothing.
+
+> **This is the new shape of supply chain attacks** — and your existing tools aren't built to catch them.
+
+---
+
+## What Security Autopilot Does
+
+Security Autopilot is an **MCP server** that plugs directly into Claude Code and gives it real security scanning superpowers. You talk to Claude naturally — it runs the scans.
+
+It catches the class of attacks that traditional tools miss:
+
+| What it catches | How it catches it |
+|---|---|
+| 🔴 **Known-malicious packages** (axios@1.14.1, plain-crypto-js@4.2.1) | Blocklist checked before any install |
+| 🟠 **Maintainer account hijacks** | Detects publisher email changes between versions |
+| 🟠 **Postinstall script injection** | Flags any `preinstall`, `install`, `postinstall`, `prepare` lifecycle scripts |
+| 🟡 **Recently published versions** | 72-hour cooldown gate on new releases |
+| 🔵 **Floating version pins** | Flags `^` and `~` pins that allow silent upgrades |
+| 🔵 **Missing SLSA provenance** | Detects packages published without cryptographic build attestations |
+| 🟠 **Exposed secrets & credentials** | Gitleaks scans every file for hardcoded API keys, tokens, passwords |
+| 🟡 **CVEs in your dependencies** | Trivy scans against the full NVD vulnerability database |
+| 🟡 **Code-level security bugs** | Semgrep catches `eval(userInput)`, SQL injection, XSS, and 1000+ other patterns |
+
+---
+
+## How It Works
+
+```
+You type:  "is my supply chain safe?"
+              │
+              ▼
+        Claude Code calls scan_repo()
+              │
+    ┌─────────┴──────────┐
+    │   4 scanners run   │  ← all in parallel, ~10 seconds total
+    │   simultaneously   │
+    └─────────┬──────────┘
+              │
+    ┌─────────┴────────────────────────────────────┐
+    │  Supply Chain  │  Trivy  │  Gitleaks  │  Semgrep  │
+    └─────────┬────────────────────────────────────┘
+              │
+              ▼
+    Claude summarises findings in plain English
+    with severity, location, and exact fix steps
+```
+
+Missing a scanner? **Security Autopilot installs it for you automatically** — no setup required.
+
+---
+
+## Quick Start
+
+### 1. Install (one command)
+
+```bash
+curl -fsSL https://get.securityautopilot.dev | sh
+```
+
+This installs `uv`, the MCP server, all scanner CLIs (trivy, gitleaks, semgrep), and automatically patches `~/.claude/claude.json` to register the plugin. Safe to run twice.
+
+> **Telemetry:** On first run you'll be asked whether to share anonymous usage data (OS + Python version). You can opt out at any time by deleting `~/.security-autopilot/telemetry_consent`.
+
+### 2. Restart Claude Code
+
+That's it — no manual config needed.
+
+### 3. Just talk to Claude
+
+```
+"scan this project for security issues"
+"any secrets exposed in this codebase?"
+"is my supply chain safe?"
+"check my dependencies for known vulnerabilities"
+"watch this project and alert me to new issues"
+```
+
+---
+
+## What a Scan Looks Like
+
+```
+## Security Scan: `/your/project`
+Scanners: supply_chain, trivy, gitleaks, semgrep  |  Duration: 8.3s
+Found: 4 issues — 🔴 1 critical  🟠 2 high  🟡 0 medium  🔵 1 low
+
+### 🔴 [CRITICAL] Known-malicious package: axios@1.14.1
+Location: package.json
+Scanner: supply_chain
+
+axios@1.14.1 is on the known-bad blocklist.
+Reason: supply chain RAT March 2026 — postinstall dropper
+
+Remediation: Remove axios@1.14.1 immediately. Downgrade to axios@1.14.0.
+Rotate all secrets on affected machines — this version installs a
+remote access trojan.
+
+### 🟠 [HIGH] Exposed aws-secret-access-key secret in .env
+Location: .env:3
+Scanner: gitleaks
+
+Rotate this credential immediately — assume it is compromised.
+Add `.env` to .gitignore to prevent future commits.
+```
+
+---
+
+## MCP Tools
+
+Claude gets access to 4 tools automatically:
+
+| Tool | What it does |
+|---|---|
+| `scan_repo(path)` | Full scan — all 4 scanners in parallel |
+| `scan_file(filepath)` | Scan a single file |
+| `get_findings(severity)` | Retrieve cached findings from previous scans |
+| `watch_project(path)` | Start a background daemon that re-scans on file changes |
+
+The background watcher also sends a **desktop notification** the moment a new critical or high finding is detected — even if Claude Code isn't open.
+
+---
+
+## Scanners
+
+| Scanner | What it catches | Auto-installed? |
+|---|---|---|
+| **Supply Chain** | Known-bad versions, account hijacks, lifecycle scripts, floating pins, SLSA gaps | ✅ Built-in |
+| **Trivy** | CVEs in npm, pip, Go, Rust, Java dependencies | ✅ Auto-installed |
+| **Gitleaks** | Hardcoded secrets, API keys, tokens, passwords | ✅ Auto-installed |
+| **Semgrep** | 1000+ SAST rules: injection, XSS, insecure patterns | ✅ Auto-installed |
+
+---
+
+## For Contributors
+
+```bash
+# Run tests
+uv run pytest tests/ -v
+
+# Start the MCP server manually
+python -m mcp_server.server
+
+# Add a new scanner
+# → see CLAUDE.md for the exact pattern to follow
+```
+
+### Adding a scanner takes ~50 lines
+
+Every scanner follows the same pattern:
+
+```python
+# mcp_server/tools/my_scanner.py
+from .installer import ensure_installed
+
+async def scan(project_path: str) -> list[dict]:
+    if not await ensure_installed("my-tool"):
+        return [_not_installed_finding()]
+    # ... run subprocess, parse output, return findings
+```
+
+See `schemas/finding.json` for the unified finding schema all scanners must conform to.
+
+---
+
+## Known-Bad Versions
+
+The supply chain scanner ships with a blocklist that is updated as attacks are discovered:
+
+```python
+# mcp_server/tools/supply_chain.py → KNOWN_BAD
+[
+  {"name": "axios",           "version": "1.14.1", "reason": "supply chain RAT March 2026"},
+  {"name": "axios",           "version": "0.30.4", "reason": "supply chain RAT March 2026"},
+  {"name": "plain-crypto-js", "version": "4.2.1",  "reason": "axios attack dropper"},
+]
+```
+
+PRs to extend this list are welcome.
+
+---
+
+## License
+
+MIT — free to use, modify, and distribute.
+
+---
+
+<div align="center">
+
+Built in response to the **March 2026 axios supply chain attack**.  
+Because `npm audit` wasn't enough.
+
+</div>

security_autopilot-0.1.0/README.md

@@ -0,0 +1,219 @@
+<div align="center">
+
+# 🛡️ Security Autopilot
+
+### The security scanner that works *while you code* — not after you ship.
+
+[![Tests](https://img.shields.io/badge/tests-10%20passing-brightgreen)](tests/)
+[![Python](https://img.shields.io/badge/python-3.11%2B-blue)](pyproject.toml)
+[![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
+[![MCP](https://img.shields.io/badge/MCP-compatible-purple)](https://modelcontextprotocol.io)
+
+</div>
+
+---
+
+## The Problem
+
+On **March 30, 2026**, two malicious versions of `axios` — one of the most downloaded npm packages on the planet — were quietly published to npm.
+
+They contained **zero suspicious code inside axios itself**. Any developer who inspected the source would have found nothing wrong.
+
+Instead, they silently injected a fake dependency called `plain-crypto-js` that ran a **postinstall script the moment you ran `npm install`**. That script phoned home to a command-and-control server and dropped a remote access trojan tailored to your OS.
+
+After delivering the payload, it deleted itself and swapped its own `package.json` for a clean decoy. **No trace. No warning. No audit trail.**
+
+`npm audit` reported nothing. GitHub Dependabot reported nothing. Standard code review caught nothing.
+
+> **This is the new shape of supply chain attacks** — and your existing tools aren't built to catch them.
+
+---
+
+## What Security Autopilot Does
+
+Security Autopilot is an **MCP server** that plugs directly into Claude Code and gives it real security scanning superpowers. You talk to Claude naturally — it runs the scans.
+
+It catches the class of attacks that traditional tools miss:
+
+| What it catches | How it catches it |
+|---|---|
+| 🔴 **Known-malicious packages** (axios@1.14.1, plain-crypto-js@4.2.1) | Blocklist checked before any install |
+| 🟠 **Maintainer account hijacks** | Detects publisher email changes between versions |
+| 🟠 **Postinstall script injection** | Flags any `preinstall`, `install`, `postinstall`, `prepare` lifecycle scripts |
+| 🟡 **Recently published versions** | 72-hour cooldown gate on new releases |
+| 🔵 **Floating version pins** | Flags `^` and `~` pins that allow silent upgrades |
+| 🔵 **Missing SLSA provenance** | Detects packages published without cryptographic build attestations |
+| 🟠 **Exposed secrets & credentials** | Gitleaks scans every file for hardcoded API keys, tokens, passwords |
+| 🟡 **CVEs in your dependencies** | Trivy scans against the full NVD vulnerability database |
+| 🟡 **Code-level security bugs** | Semgrep catches `eval(userInput)`, SQL injection, XSS, and 1000+ other patterns |
+
+---
+
+## How It Works
+
+```
+You type:  "is my supply chain safe?"
+              │
+              ▼
+        Claude Code calls scan_repo()
+              │
+    ┌─────────┴──────────┐
+    │   4 scanners run   │  ← all in parallel, ~10 seconds total
+    │   simultaneously   │
+    └─────────┬──────────┘
+              │
+    ┌─────────┴────────────────────────────────────┐
+    │  Supply Chain  │  Trivy  │  Gitleaks  │  Semgrep  │
+    └─────────┬────────────────────────────────────┘
+              │
+              ▼
+    Claude summarises findings in plain English
+    with severity, location, and exact fix steps
+```
+
+Missing a scanner? **Security Autopilot installs it for you automatically** — no setup required.
+
+---
+
+## Quick Start
+
+### 1. Install (one command)
+
+```bash
+curl -fsSL https://get.securityautopilot.dev | sh
+```
+
+This installs `uv`, the MCP server, all scanner CLIs (trivy, gitleaks, semgrep), and automatically patches `~/.claude/claude.json` to register the plugin. Safe to run twice.
+
+> **Telemetry:** On first run you'll be asked whether to share anonymous usage data (OS + Python version). You can opt out at any time by deleting `~/.security-autopilot/telemetry_consent`.
+
+### 2. Restart Claude Code
+
+That's it — no manual config needed.
+
+### 3. Just talk to Claude
+
+```
+"scan this project for security issues"
+"any secrets exposed in this codebase?"
+"is my supply chain safe?"
+"check my dependencies for known vulnerabilities"
+"watch this project and alert me to new issues"
+```
+
+---
+
+## What a Scan Looks Like
+
+```
+## Security Scan: `/your/project`
+Scanners: supply_chain, trivy, gitleaks, semgrep  |  Duration: 8.3s
+Found: 4 issues — 🔴 1 critical  🟠 2 high  🟡 0 medium  🔵 1 low
+
+### 🔴 [CRITICAL] Known-malicious package: axios@1.14.1
+Location: package.json
+Scanner: supply_chain
+
+axios@1.14.1 is on the known-bad blocklist.
+Reason: supply chain RAT March 2026 — postinstall dropper
+
+Remediation: Remove axios@1.14.1 immediately. Downgrade to axios@1.14.0.
+Rotate all secrets on affected machines — this version installs a
+remote access trojan.
+
+### 🟠 [HIGH] Exposed aws-secret-access-key secret in .env
+Location: .env:3
+Scanner: gitleaks
+
+Rotate this credential immediately — assume it is compromised.
+Add `.env` to .gitignore to prevent future commits.
+```
+
+---
+
+## MCP Tools
+
+Claude gets access to 4 tools automatically:
+
+| Tool | What it does |
+|---|---|
+| `scan_repo(path)` | Full scan — all 4 scanners in parallel |
+| `scan_file(filepath)` | Scan a single file |
+| `get_findings(severity)` | Retrieve cached findings from previous scans |
+| `watch_project(path)` | Start a background daemon that re-scans on file changes |
+
+The background watcher also sends a **desktop notification** the moment a new critical or high finding is detected — even if Claude Code isn't open.
+
+---
+
+## Scanners
+
+| Scanner | What it catches | Auto-installed? |
+|---|---|---|
+| **Supply Chain** | Known-bad versions, account hijacks, lifecycle scripts, floating pins, SLSA gaps | ✅ Built-in |
+| **Trivy** | CVEs in npm, pip, Go, Rust, Java dependencies | ✅ Auto-installed |
+| **Gitleaks** | Hardcoded secrets, API keys, tokens, passwords | ✅ Auto-installed |
+| **Semgrep** | 1000+ SAST rules: injection, XSS, insecure patterns | ✅ Auto-installed |
+
+---
+
+## For Contributors
+
+```bash
+# Run tests
+uv run pytest tests/ -v
+
+# Start the MCP server manually
+python -m mcp_server.server
+
+# Add a new scanner
+# → see CLAUDE.md for the exact pattern to follow
+```
+
+### Adding a scanner takes ~50 lines
+
+Every scanner follows the same pattern:
+
+```python
+# mcp_server/tools/my_scanner.py
+from .installer import ensure_installed
+
+async def scan(project_path: str) -> list[dict]:
+    if not await ensure_installed("my-tool"):
+        return [_not_installed_finding()]
+    # ... run subprocess, parse output, return findings
+```
+
+See `schemas/finding.json` for the unified finding schema all scanners must conform to.
+
+---
+
+## Known-Bad Versions
+
+The supply chain scanner ships with a blocklist that is updated as attacks are discovered:
+
+```python
+# mcp_server/tools/supply_chain.py → KNOWN_BAD
+[
+  {"name": "axios",           "version": "1.14.1", "reason": "supply chain RAT March 2026"},
+  {"name": "axios",           "version": "0.30.4", "reason": "supply chain RAT March 2026"},
+  {"name": "plain-crypto-js", "version": "4.2.1",  "reason": "axios attack dropper"},
+]
+```
+
+PRs to extend this list are welcome.
+
+---
+
+## License
+
+MIT — free to use, modify, and distribute.
+
+---
+
+<div align="center">
+
+Built in response to the **March 2026 axios supply chain attack**.  
+Because `npm audit` wasn't enough.
+
+</div>