wormsign

Wormsign is the side project of a full-time security engineer researching npm & PyPI supply-chain compromise. The real-time race to flag malicious packages is run well by the teams listed below — so rather than duplicate it, wormsign focuses on the layer that isn't published as a feed: it detonates confirmed-malicious packages in a sandbox and extracts the network/file indicators & ATT&CK TTPs behind them, as a structured, edge-blockable STIX 2.1 / TAXII feed so blue teams can hunt and block decisively — built for the long tail and historical depth. Anonymous on purpose; OpSec over recognition. Reach out via @w0rmsign or w0rmsign@proton.me (security disclosures, indicator-feed access, false-positive reports — security.txt).