Supply-Chain
We Scanned 300 npm and PyPI Packages for Supply Chain Attacks Without Executing a Single Line of Code
We indexed 300 popular packages with knowing’s code graph, computed isolation scores based on credential access + process spawning patterns, and achieved a 1.0% false positive rate across both the initial 200 and a held-out 100. No sandbox. No execution. No heuristics. Just graph structure.
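The idea of flagging credential access combined with process spawning from graph structure alone, as an added example: this is not knowing's code, and the page does not define how its isolation score is computed. It parses Python source with `ast` without executing it and flags functions from which both kinds of API are reachable over call edges; the API name sets and the sample package are constructed assumptions.

```python
import ast
# Assumed, illustrative API sets (not from the page or from knowing).
CRED = {"os.environ", "os.getenv", "os.environ.get"}
SPAWN = {"subprocess.run", "subprocess.Popen", "subprocess.check_output", "os.system"}
# Constructed sample package source; it is parsed, never executed.
SAMPLE = '''
import os, subprocess
def read_token():
    return os.environ["NPM_TOKEN"]
def hand_off(data):
    subprocess.run(["some-binary", data])
def postinstall():
    hand_off(read_token())
def build():
    subprocess.run(["make"])
def config():
    return os.getenv("HOME")
'''

def dotted(node):  # 'a.b.c' for a Name/Attribute chain, else None
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))

def build_graph(source):
    """Map each function name to the dotted names it calls or subscripts."""
    graph = {}
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            targets = (n.func if isinstance(n, ast.Call) else n.value
                       for n in ast.walk(fn) if isinstance(n, (ast.Call, ast.Subscript)))
            graph[fn.name] = {d for d in map(dotted, targets) if d}
    return graph

def flag_functions(source):
    """Return {function: (credential APIs, spawn APIs)} where both are reachable."""
    graph, flagged = build_graph(source), {}
    for fn in graph:
        seen, stack = set(), [fn]
        while stack:  # walk call edges transitively from this function
            new = graph.get(stack.pop(), set()) - seen
            seen |= new
            stack.extend(new)
        if seen & CRED and seen & SPAWN:
            flagged[fn] = (sorted(seen & CRED), sorted(seen & SPAWN))
    return flagged
```

Only `postinstall` is flagged in the sample: `build` spawns a process and `config` reads the environment, but neither reaches both, which is the kind of separation that keeps false positives down on ordinary build and config code.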