Latest incident:GitHub Advisory malware sweep — 25 npm packages (Epic Games / Unreal Engine internal-scope dependency-confusion cluster, LuminaryCloud, Reddit Voyager, nodemon family) taken down 2026-07-09 / 2026-07-10 (10 Jul 2026)
Our practice

Offensive and defensive security, from one UK-based team.

Precursor Security breaks things on purpose, watches for things being broken, and helps clean up when something already has been. The live telemetry from that work is what feeds DependencyWatch.io.

One team. Offensive, defensive, and the intelligence that connects them.

If something on this page matches what you're trying to solve, talk to us. Scoping is free, and we'll tell you honestly if we're not the right fit.

Get in touch