https://socket.dev does this. Great service

It seems like AI would be the perfect tool for code package repos like NPM and PyPI to use to scan all new uploaded code and alert on vulnerabilities. 



freetx

There are many reason why I check Stacker News but the Emergency/Urgent news is my top reason.

Wumbo

Scoresby

bitdevs

NPM hack articles were mentioned multiple times on SN over the last year, I'm not a dev, I didn't pick up on this.

(Blockstream and Zeus were included in the affected wallets list but both have stated they don't use NPM and their wallets are unaffected.)

https://stacker.news/items/441476/r/nolem
28th February 2024

https://stacker.news/items/977339/r/nolem
11th May 2025

https://stacker.news/items/613912/r/nolem
19th July 2024

https://stacker.news/items/522259/r/nolem
28th April 2024

https://stacker.news/items/754534/r/nolem
5th November 2024