Latest incident:GitHub Advisory malware sweep — ~155 npm packages (logger/tailwind/eslint/bignumber typosquats, polymarket-onchain-* crypto-drainers) taken down 2026-07-06 (6 Jul 2026)

Check your project forcompromised dependencies

Paste your package-lock.json, pnpm-lock.yaml, yarn.lock, or requirements.txt. See in seconds whether you were exposed to one of 2026's supply-chain compromises.

Everything runs in your browser. Your lockfile never leaves your machine.

91 incidents1,452 packages tracked across all of them10 ecosystemsData range 15 Sept 2025 6 Jul 2026Last updated 6 Jul 2026

Parsed locally in your browser. Nothing leaves your device, no logging, no network round-trip.

DependencyWatch.io is one thing we do.Talk to us about the rest.

The same UK team that runs this feed runs CREST-accredited pen tests, a 24/7 SOC, and a live threat-intelligence practice. If you want the signal from this scanner feeding your defences directly, talk to us.

Talk to Precursor