DependencyWatch.io
FeedRecommendationsSolutionsSubmitScan your lockfile
Submit an incident

Seen a supply-chain compromise we've missed?

Send us the details. Our intelligence team triages each report against the original vendor source. If it checks out, we add it to the feed within < 2 hours.

A short, factual summary. Example: “axios npm compromise (March 2026)”.

The original vendor advisory or post that reported the compromise.

One per line, in the form name@version. Multiple versions of the same package on separate lines.

Payload behaviour, IOCs, attribution, anything that helps us triage.

Optional. For credit / follow-up.

Optional. We only use it to reply.

We'll only contact you if we have follow-up questions about this submission.