Go to Apify Store
User picture

Jeff Rogers

halcyon_twine

Security engineer building supply-chain defense tools. Paste a lockfile, know in seconds if the latest npm attack hit you.

ACTOR STATS

3 public Actors

6 total users

1 monthly user

81.8% runs succeeded

Supply-chain security tools, built by a practitioner

I'm Jeff — a security engineer who got tired of watching teams grep lockfiles against vendor blog posts at 11pm every time an npm supply-chain attack hit. This year alone: axios, node-ipc, Red Hat's npm scope, 140+ Mastra packages. The pattern isn't slowing down.

The 30-second answer to "are we affected?"

  • Paste a package-lock.json, yarn.lock or pnpm-lock.yaml (or a GitHub URL) — get a verdict in seconds
  • Reports malicious packages only (OSV MAL-* advisories) — "you are compromised, act now", never CVE noise, so it works as a CI gate
  • Major incidents come enriched with hand-maintained response context: what the payload does, what to hunt for beyond the package, and the primary write-ups
  • Privacy by default: packages from private registries are never sent to any external API — your internal package names stay yours
  • No install, no signup with a security vendor. Works from a browser, CI, or as an MCP tool for your AI agents

New incidents are tracked continuously and enrichment ships the day they break.

Also maintained

Dependable event-data Actors — ExpoFP  and Expocad  exhibitor list scrapers with daily health monitoring.


Found an issue or need a feature? Open an issue on the Actor's Issues tab — I read every one.

Public Actors