Open detection and response tools from ToruAI .
When a new supply chain threat hits, we build a scanner and share it. No gatekeeping.
WAVESHAPER.V2 RAT detector — axios npm supply chain compromise (March 31, 2026)
Detects signs of the Sapphire Sleet / UNC1069 (DPRK) attack on the axios npm package. ~100M weekly downloads. ~600K installs during the 3-hour exposure window.
| Script | Platform |
|---|---|
axios-scan.sh |
macOS, Linux |
axios-scan.ps1 |
Windows (PowerShell) |
Advisory: GHSA-fw8c-xr5c-95f9
Supply chain attacks are getting faster and more targeted. Detection shouldn't be paywalled or buried in enterprise dashboards.
We release tools as threats emerge. If you use them, let us know — we iterate.
ToruAI — AI systems for operational intelligence.