Show HN: Give This Markdown to Your Coding Agent Before Publishing to NPM
https://npm-supply-chain-attack-techniques.pagey.site/attack...

Website: https://npm-supply-chain-attack-techniques.pagey.site

This covers all the techniques used in the past year to conduct attacks on npm packages. Use it to get your project reviewed thoroughly before publishing.

Techniques covered, each with mitigation information:

1. Maintainer Account Takeover and Malicious Publish
2. Lifecycle Hook Execution
3. Self-Replicating npm Worms
4. CI/CD Identity Plane Attacks
5. Git-Based Dependency Smuggling
6. Remote Dynamic Dependencies
7. Phishing Infrastructure Hosted Through npm and Package CDNs
8. Credential and Secret Harvesting
9. Exfiltration and Dead-Drop Channels
10. Persistence and Anti-Forensics
11. Obfuscation and Payload Packaging
12. Package Naming and Discovery Abuse
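As an added example (not code from the linked site), here is a small pre-publish check that flags three of the categories above in a package.json: install-time lifecycle hooks (2), git-based dependencies (5) and remote URL dependencies (6). The sample package.json, the hook list it treats as install-time, and the specifier heuristics are assumptions of this example.

```javascript
// Scripts npm runs during `npm install` of a package (assumption: the set a
// pre-publish reviewer wants to see; 'prepare' also runs for git dependencies).
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Classify a dependency specifier by where the code is fetched from.
// Anything that is not a plain registry version/range/tag is reported.
function classifySpec(spec) {
  if (/^(git\+|git:|github:|gitlab:|bitbucket:)/.test(spec) || /\.git(#|$)/.test(spec)) return 'git';
  if (/^https?:\/\//.test(spec)) return 'remote-url';
  if (/^(file:|link:)/.test(spec)) return 'local-path';
  // npm shorthand "user/repo" or "user/repo#ref" resolves to GitHub, not the registry.
  if (/^[\w.-]+\/[\w.-]+(#[\w./-]*)?$/.test(spec)) return 'git';
  return 'registry';
}

// Return a list of findings for a parsed package.json object.
function auditPackageJson(pkg) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) findings.push({ kind: 'lifecycle-hook', name: hook, detail: scripts[hook] });
  }
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const cls = classifySpec(String(spec));
      if (cls !== 'registry') findings.push({ kind: `${cls}-dependency`, name, detail: spec, field });
    }
  }
  return findings;
}

// Constructed sample package.json (not a real package; hostnames are placeholders).
const SAMPLE = {
  name: 'example-lib',
  version: '1.0.0',
  scripts: { build: 'tsc', postinstall: 'node ./setup.js' },
  dependencies: {
    lodash: '^4.17.21',
    'some-util': 'github:someone/some-util#v1',
    helper: 'https://example.invalid/helper.tgz',
  },
};

for (const f of auditPackageJson(SAMPLE)) {
  console.log(`${f.kind}: ${f.name} -> ${f.detail}`);
}
```

Every finding is something a reviewer should be able to justify before `npm publish`; a postinstall script or a dependency pulled from outside the registry is not necessarily malicious, but it is where the techniques above hide.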