Thumper is an open-source tripwire for the Shai-Hulud npm worm. Plant fake-but-realistic credentials where the worm scans - the instant one is read, you know the box might be breached. Free and built in the open by Jesta.

222 stars 13 forks 222 watchers Python Apache License 2.0
canary canarytokens credential-theft devsecops endpoint-security honeytoken honeytokens incident-response malware-detection npm npm-security open-source security shai-hulud supply-chain-attack supply-chain-security threat-detection tripwire
28 Open Issues Need Help Last updated: Jul 2, 2026

Open Issues Need Help

enhancement good first issue

enhancement good first issue

documentation good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

enhancement good first issue

Startup Logs 10 days ago
enhancement good first issue

bug good first issue

bug good first issue

enhancement good first issue
