Active threat: TeamPCP campaign ongoing · litellm, telnyx, 66+ npm packages compromised · rotate credentials if installed Mar 24–27
TeamPCP active · 3.4M downloads targeted · last update: Mar 27

Stop supply chain attacks
before pip install

CodeGuard Pro is a pre-install security gate for AI coding agents. It blocked the litellm and telnyx TeamPCP attacks in real time — before any scanner had a CVE.

Install in 30 seconds Read the attack writeup →
MIT licensed 144 tests passing MCP compatible Live threat feed
3.4M
Downloads targeted
6/6
Attack payloads blocked
144
Tests passing
25+
Secret patterns
<3hr
Response vs 24hr lag
codeguard — zsh
$ codeguard check litellm==1.82.8
 
CodeGuard Pre-Install Check (pypi)
 
  ■ BLOCKED   litellm==1.82.8
           KNOWN COMPROMISED: TeamPCP supply chain attack
           .pth credential stealer — SSH, cloud, crypto, Slack
 
$ codeguard check requests==2.31.0
 
  ✓ SAFE      requests==2.31.0
 
All 1 package(s) look safe to install.
 
$ codeguard scan .github/workflows/
 
  ■ CRITICAL  tj-actions/changed-files@v35
           Known compromised action · CVE-2025-30066

The TeamPCP Campaign — March 2026

One attack chain. Stolen credentials passed between victims. All connected.

Mar 19
Trivy GitHub Actions
76 version tags poisoned. 1,000+ cloud environments infected.
Mar 20
66+ npm packages
CanisterWorm — self-spreading worm with blockchain C2.
Mar 23
Checkmarx Actions
Compromised via stolen Trivy CI/CD credentials.
Mar 24
litellm 1.82.8
3.4M daily downloads. .pth credential stealer.
Mar 27
telnyx 4.87.2
WAV steganography payload. CVE-2026-33634.
Read the full technical writeup →

What it detects

Runs before pip, before commit, inside your AI agent loop.

🚫

Compromised Package Database

Known-malicious versions blocked instantly — litellm, telnyx, ultralytics, ctx, SilentSync RAT packages. Updated before CVEs are filed.

🐍

.pth File Injection

Detects malicious .pth files that execute credential stealers silently at Python startup — TeamPCP's primary attack vector.

⚙️

GitHub Actions Audit

Flags mutable tag refs and known-compromised actions: tj-actions CVE-2025-30066, Trivy-action, Checkmarx — before your CI runs.

🔑

25+ Secret Patterns

OpenAI, AWS, Stripe, GitHub, Slack, GCP, private keys, JWTs — blocked before git commit via pre-commit hook.

🤖

MCP Compatible

Drop-in MCP server for Claude Code, Cursor, and Codex. Your AI agent checks before every install — zero extra steps.

📡

Live Threat Feed

HMAC-signed feed server with real-time IOC updates. New attacks added within hours, not days. No reinstall required.

Get started

One command. Works with any Python project or AI coding agent.

# Install globally
pipx install codeguard-pro

# Hook into every git commit
codeguard install

# Check before installing
codeguard check litellm==1.82.8

# MCP config (Claude Code / Cursor / Codex)
codeguard-mcp

144 tests · MIT license · Python 3.9+ · pypi.org/project/codeguard-pro · github.com/Miles0sage/codeguard-mcp

Live threat feed
feed API ↗
litellm==1.82.7, 1.82.8 CRITICAL
telnyx==4.87.1, 4.87.2 CRITICAL · CVE-2026-33634
sisaws==2.1.6 · secmeasure==0.1.x CRITICAL · SilentSync RAT
ultralytics==8.3.41, 8.3.42 HIGH · cryptominer
termncolor · colorinal · pandas-sdk HIGH · multi-stage malware

From the blog

📖
Attack Analysis · Mar 28, 2026
The Attack That Slipped Past 3.4 Million Developers — And How to Stop It
How TeamPCP's .pth injection attack hit litellm (3.4M downloads/day) and telnyx, why existing tools missed it, and how CodeGuard blocked it before any CVE was filed.
8 min read · Supply Chain Security
𝕏 Share on Twitter ▲ Post to Hacker News ⭐ Star on GitHub