Over the last few weeks, supply chain security has once again become a very real problem for developers. We keep seeing the same attack pattern:

CI/CD token stolen → malicious package version published → developers install or update dependencies → compromised code lands on real machines

And the worst part is simple: you may already have one of those compromised packages on your machine without knowing it.

That is why I built LibKill.

What is LibKill?

LibKill is an open-source supply chain security scanner. It checks your local development environment against a database of known compromised package artifacts.

Currently, it scans:

npm global packages
pip packages
Bun cache

It then cross-references what it finds against 2,672+ known compromised package artifacts. If something suspicious is detected, LibKill can help you remove it interactively.

Why I built it

Most developers hear about compromised packages after the damage is already done. A package gets reported.…
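To make the cross-referencing step concrete, here is an added example (my own illustration, not LibKill's code) of the core check: take an inventory of installed packages, normalize names, and look each `ecosystem:name@version` artifact up in a blocklist. The blocklist entries, the `npm ls -g --json` output and the `pip list --format=json` output below are all constructed sample data; the Bun cache is not covered here.

```python
"""Cross-reference locally installed packages against known-compromised artifacts.

Added example, not LibKill's own code. A compromised artifact is a specific
name + version, so matching is exact on both; matching on name alone would
flag every installation of a package that was clean for years before one
bad release.
"""
import json
import re
from typing import List, Set, Tuple

Artifact = Tuple[str, str, str]  # (ecosystem, normalized name, version)

# Constructed blocklist in "ecosystem:name@version" form. A real scanner loads
# thousands of such entries from a maintained database.
KNOWN_COMPROMISED: Set[str] = {
    "npm:example-color-utils@4.2.0",        # constructed
    "npm:example-left-pad@1.3.1",           # constructed
    "pypi:example-requests-helper@0.9.9",   # constructed
}

# Constructed sample in the shape of `npm ls -g --json --depth=0` output.
NPM_LS_JSON = """{
  "name": "lib",
  "dependencies": {
    "example-color-utils": {"version": "4.2.0"},
    "typescript": {"version": "5.4.5"},
    "example-left-pad": {"version": "1.3.0"}
  }
}"""

# Constructed sample in the shape of `pip list --format=json` output.
PIP_LIST_JSON = """[
  {"name": "Example_Requests_Helper", "version": "0.9.9"},
  {"name": "pip", "version": "24.0"}
]"""


def normalize_pypi_name(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of -, _ and . become '-'.

    Without this, "Example_Requests_Helper" would silently miss a blocklist
    entry written as "example-requests-helper".
    """
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_npm_global(raw: str) -> List[Artifact]:
    """Extract (ecosystem, name, version) from `npm ls -g --json` output."""
    deps = json.loads(raw).get("dependencies", {})
    # npm package names are already case-sensitive and canonical; keep as-is.
    return [("npm", name, info.get("version", "")) for name, info in deps.items()]


def parse_pip_list(raw: str) -> List[Artifact]:
    """Extract (ecosystem, name, version) from `pip list --format=json` output."""
    return [("pypi", normalize_pypi_name(p["name"]), p["version"]) for p in json.loads(raw)]


def find_compromised(inventory: List[Artifact], blocklist: Set[str]) -> List[Artifact]:
    """Return every installed artifact whose exact name@version is in the blocklist."""
    return [art for art in inventory if f"{art[0]}:{art[1]}@{art[2]}" in blocklist]


def scan_sample() -> List[Artifact]:
    """Run the check over the constructed npm and pip inventories."""
    inventory = parse_npm_global(NPM_LS_JSON) + parse_pip_list(PIP_LIST_JSON)
    return find_compromised(inventory, KNOWN_COMPROMISED)


if __name__ == "__main__":
    hits = scan_sample()
    if not hits:
        print("No known-compromised artifacts found.")
    for eco, name, version in hits:
        print(f"COMPROMISED: {eco}:{name}@{version}")
```

On a real machine you would feed the functions the live output of `npm ls -g --json --depth=0` and `pip list --format=json` instead of the embedded samples. Note that `example-left-pad@1.3.0` is not reported even though `1.3.1` is blocklisted: that exact-version behaviour is what keeps the scan actionable rather than a wall of false positives.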