
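Usage
Available commands
| Command | Command shorthand | Parameters | Parameter shorthand | Command description | Parameter description | Parameter required | Usage example |
|---|---|---|---|---|---|---|---|
| add | a | folder-name, path | f, p | Install a public component | Folder name to install the component into; component installation path | N, Y | xanway-cli a -f folderName -p D:/@xw/xanway-cli |
| list | l | - | - | List the public components available for installation | - | N | xanway-cli l |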
FAQs
We found that xanway-cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.