attack replay · Feb 21, 2026
SHA1HULUD: crypto exfil to Binance
jadoonf/sha1-hulud-research · npm CI sandbox
An install-time payload reached external chain and storage endpoints during an npm install while CI logs stayed clean.
egress api.mainnet.aptoslabs.com · api.trongrid.io · bsc-dataseed.binance.org · drive.google.com · drive.usercontent.google.com · fullnode.mainnet.aptoslabs.com
code_on_the_fly · exec_from_unusual_dir · flow · interpreter_shell_spawn
attack replay · Feb 25, 2026
SHA1HULUD: second replay
jadoonf/sha1-hulud-research · npm CI sandbox
A second SHA1HULUD replay showing npm install-time egress to external destinations under monitoring.
egress pastebin.com · registry.npmjs.org
exec_from_unusual_dir · flow · plaintext_communication
attack replay · Mar 19, 2026
Glassworm: invisible Unicode payload
jadoonf/glassworm-poc · Glassworm PoC — Invisible Unicode Supply Chain Attack
Steganographic Unicode hidden in source executed at install and reached out over the network, invisible to code review.
egress httpbin.org
code_on_the_fly · exec_from_unusual_dir · flow
attack replay · Mar 19, 2026
Glassworm: npm install vector
jadoonf/glassworm-poc · Install from npmjs
The Glassworm package installed straight from the npm registry under monitoring, showing the install-time delivery path.
egress api.ipify.org · cloudflareinsights.vercel.app · github.com · registry.npmjs.org · release-assets.githubusercontent.com
dropip · exec_from_unusual_dir · flow
attack replay · Apr 3, 2026
Clinejection: agent package delivery
jadoonf/clinejection-poc · Clinejection Stage 3 — Nightly Pivot: cline@2.3.0 Delivery
Final stage of an AI-agent prompt-injection chain: a poisoned cline release is delivered under instrumentation.
egress registry.npmjs.org
credentials_files_access · exec_from_unusual_dir · flow
attack replay · Apr 3, 2026
Clinejection: GHA cache poisoning
jadoonf/clinejection-poc · Clinejection Stage 2 — Cacheract Cache Poisoning
Cache-poisoning stage that spawned an interpreter shell and reached the Actions cache to plant a tainted artifact.
egress blob.bn3prdstrz12a.store.core.windows.net · blob.bn3prdstrz12a.trafficmanager.net · glb-db52c2cf8be544.github.com · productionresultssa19.blob.core.windows · results-receiver.actions.githubusercontent
flow · interpreter_shell_spawn
attack replay · Apr 3, 2026
Clinejection: prompt injection entry
jadoonf/clinejection-poc · Clinejection Stage 1 — Prompt Injection → Preinstall Exfil
Entry point of the chain: a prompt injection triggers a preinstall script that phones out before any human reviews the change.
egress api.github.com · glb-2a3c35-public-internal.githubapp.com · hosted-compute-watchdog-prod-iad-02.githubapp
flow
notable behavior · May 23, 2026
pnpm: full CI profile
pnpm/pnpm · CI
The richest profile in the catalogue: a real pnpm CI run profiled end-to-end, with the full install + test lineage and registry egress visible.
egress blob.bn3prdstrz12a.store.core.windows.net · blob.bn3prdstrz12a.trafficmanager.net · codeload.github.com · github.com · glb-db52c2cf8be544.github.com · nodejs.org
credentials_files_access · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn
notable behavior · Jun 17, 2026
pnpm: TypeScript CI
pnpm/pnpm · TS CI
pnpm's TypeScript end-to-end suite, showing a deep multi-tree install/test lineage under monitoring.
egress blob.bn3prdstrz12a.store.core.windows.net · blob.bn3prdstrz12a.trafficmanager.net · blob.bnz49prdstrz09a.store.core.windows · blob.bnz49prdstrz09a.trafficmanager.net · codeload.github.com · dualstack.k.sni.global.fastly.net
credentials_files_access · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn
clean baseline · Mar 12, 2026
PostHog: frontend CI
umar-sik/posthog · Frontend CI
PostHog's frontend build profiled, with the turbo build system's process tree captured from the runner down to the shell.
egress api.github.com · github.com · glb-db52c2cf8be544.github.com · registry.npmjs.org · release-assets.githubusercontent.com · results-receiver.actions.githubusercontent
flow · hidden_elf_exec · interpreter_shell_spawn
notable behavior · May 4, 2026
Dub: Playwright E2E
garnet-labs/dub · Playwright E2E Tests
Dub's end-to-end Playwright run with its services and browser drivers visible across multiple process trees.
egress 0.gravatar.com · assets.dub.co · avatar.vercel.sh · blob.bn3prdstrz12a.store.core.windows.net · blob.bn3prdstrz12a.trafficmanager.net · d1tcqh4bio8cty.cloudfront.net
code_modification_through_procfs · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn
clean baseline · Apr 1, 2026
shopFast: external adoption
4ndersonLin/shopFast · CI
An external user's project profiled organically in its own CI under Garnet monitoring.
egress blob.bn3prdstrz12a.store.core.windows.net · blob.bn3prdstrz12a.trafficmanager.net · glb-db52c2cf8be544.github.com · productionresultssa19.blob.core.windows · registry.npmjs.org · results-receiver.actions.githubusercontent
exec_from_unusual_dir · flow · interpreter_shell_spawn
notable behavior · Apr 15, 2026
Axios: CI profiled
garnet-labs/axios · Continuous integration
The axios HTTP client's CI profiled, showing its browser-testing lineage under monitoring.
egress azurefd-critical-t-prod-stage2.trafficmanager · glb-db52c2cf8be544.github.com · packages.microsoft.com · part-0012.t-0009.t-msedge.net · pmc-prod-afd-endpoint-evdhh8f8byhsezfp.b01 · registry.npmjs.org
code_modification_through_procfs · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn
notable behavior · Apr 15, 2026
Trivy: scanner profiled
garnet-labs/trivy · Test
The Trivy vulnerability scanner profiled across many process trees, with its build system captured.
egress api.github.com · d2jiepz2fi8hgn.cloudfront.net · github.com · glb-db52c2cf8be544.github.com · golangci-lint.run · mirror.openshift.com
credentials_files_access · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn · plaintext_communication
notable behavior · Apr 15, 2026
Cosign: Sigstore signing
garnet-labs/cosign · CI-Tests
Sigstore's cosign profiled across its test binaries, with credential-file access recorded during signing tests.
egress auth.docker.io · auth.docker.io.cdn.cloudflare.net · gcr.io · glb-db52c2cf8be544.github.com · index.docker.io · ingest.codecov.io
credentials_files_access · exec_from_unusual_dir · flow · interpreter_shell_spawn
notable behavior · Apr 9, 2026
LiteLLM: mock test suite
garnet-labs/litellm · LiteLLM Mock Tests (folder - tests/test_litellm)
LiteLLM (compromised in the TeamPCP incident) profiled in its pytest suite under monitoring.
egress dualstack.python.map.fastly.net · files.pythonhosted.org · pypi.org · raw.githubusercontent.com
code_on_the_fly · exec_from_unusual_dir · flow · plaintext_communication
notable behavior · Apr 9, 2026
Reth: Ethereum client lint
garnet-labs/reth · lint
The Ethereum Reth client's lint job profiled through its cargo build chain.
egress api.github.com · dualstack.k.sni.global.fastly.net · fastly-static.rust-lang.org · github.com · glb-db52c2cf8be544.github.com · release-assets.githubusercontent.com
credentials_files_access · crypto_miner_execution · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn
notable behavior · May 13, 2026
Agentic harness: richest agent profile
garnet-labs/garnet-agentic-harness-poc · Agentic Custom Package Install (Garnet-Monitored)
The deepest agentic profile: many process trees captured while an agent installs a custom package behind the agentic workflow firewall.
egress api.github.com · api.openai.com · blob.blz25prdstrz09a.store.core.windows · blob.blz25prdstrz09a.trafficmanager.net · chatgpt.com · ghcr.io
auth_logs_tamper · credentials_files_access · dynamic_linker_attacks · exec_from_unusual_dir · flow · global_shlib_modification · interpreter_shell_spawn · net_suspicious_tool_exec · package_repo_config_modification · pam_config_modification · shell_config_modification · webserver_exec
notable behavior · May 21, 2026
Codex agent + workflow firewall
garnet-labs/garnet-agentic-harness-poc · Agentic Custom Package Install (Garnet-Monitored, Codex)
OpenAI Codex installing a package behind Garnet's Agentic Workflow Firewall, captured under monitoring.
egress api.github.com · api.openai.com · blob.bn3prdstrz12a.store.core.windows.net · blob.bn3prdstrz12a.trafficmanager.net · chatgpt.com · ghcr.io
auth_logs_tamper · credentials_files_access · dynamic_linker_attacks · exec_from_unusual_dir · flow · interpreter_shell_spawn · net_suspicious_tool_exec · package_repo_config_modification · shell_config_modification · webserver_exec
clean baseline · May 21, 2026
Codex agent: clean install
garnet-labs/garnet-agentic-harness-poc · Install npm Package with Codex Agent
A baseline of an OpenAI Codex agent installing an npm package, with the codex proxy lineage captured under monitoring.
egress api.github.com · github.com · registry.npmjs.org · release-assets.githubusercontent.com
credentials_files_access · exec_from_unusual_dir · flow · interpreter_shell_spawn
notable behavior · May 11, 2026
TanStack matrix: package feed
jadoonf/npm-analysis-feed · Garnet: TanStack Matrix
Systematic profiling of the TanStack package matrix, capturing the runtime behaviour of the analysis run.
egress api.github.com · blob.bn9prdstrz04a.store.core.windows.net · blob.bn9prdstrz04a.trafficmanager.net · git-tanstack.com · glb-db52c2cf8be544.github.com · productionresultssa17.blob.core.windows
credentials_files_access · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn
notable behavior · May 12, 2026
TanStack Router: bundle benchmark
garnet-labs/tanstack-router-replay · Bundle Size
A bundle-size benchmark for TanStack Router profiled under monitoring.
egress api.github.com · blob.blz25prdstrz09a.store.core.windows · blob.blz25prdstrz09a.trafficmanager.net · cloud.nx.app · elsa.session.foundation · files.getsession.org
credentials_files_access · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn · net_suspicious_tool_exec
notable behavior · Apr 15, 2026
HuggingFace Hub: Python tests
garnet-labs/huggingface_hub · Python tests
The HuggingFace Hub ML client profiled in its Python test suite.
egress dualstack.python.map.fastly.net · files.pythonhosted.org
code_on_the_fly · exec_from_unusual_dir · flow
clean baseline · Apr 9, 2026
n8n: workflow automation CI
garnet-labs/n8n · CI: Python
n8n's Python CI profiled with its modern toolchain captured under monitoring.
egress api.github.com · blob.bl5prdstrz24a.store.core.windows.net · blob.bl5prdstrz24a.trafficmanager.net · dualstack.python.map.fastly.net · files.pythonhosted.org · github.com
exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn
notable behavior · Apr 15, 2026
Linear: build pipeline
garnet-labs/linear · build
Linear's build profiled, capturing its Node.js build tree under monitoring.
egress registry.npmjs.org
code_on_the_fly · exec_from_unusual_dir · flow · hidden_elf_exec · interpreter_shell_spawn