The Scanner That Reads Your Code Without Touching It

A tiny tool from Perplexity defuses the booby-traps hiding in your dependencies — and the npm worm season that made it a must-have.

In May 2026, poisoned npm releases quietly rewrote the rules of the software supply chain. Within days, a self-replicating worm nicknamed “Mini Shai-Hulud” had chewed through 42 TanStack projects and tooling tied to Mistral AI, while a look-alike package went after OpenAI Codex tokens, lifting credentials from developer laptops whose owners never typed a single suspicious command.

The wild part? Most of those machines were infected the moment someone ran a routine npm install. The malicious code sat in the packages’ install hooks, so the usual way of checking a suspicious package (install it, then poke around) was often enough to set it off.

This is exactly the problem a new open-source tool from Perplexity was built to solve — and it does it with an idea so simple it’s almost cheeky: never run anything at all.

Meet Bumblebee, the scanner that refuses to run

Bumblebee is a free, open-source tool Perplexity released in May 2026. It scans a developer’s machine for risky packages, browser and editor extensions, and AI-tool configs — exactly the stuff attackers target during a supply-chain incident. It’s written in Go, weighs almost nothing, and carries zero outside dependencies of its own.

Its entire design rests on one rule: read, never execute. Bumblebee never calls npm install, pip list or any other package-manager command. It reads lockfiles, manifests and installed package metadata straight from the filesystem. Because the nastiest payloads hide in the install hooks that fire when a package manager runs, Bumblebee simply never gives them the chance.
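Here is that read-only idea reduced to a few dozen lines of Go, as an added illustration rather than Bumblebee’s own code: it walks an installed node_modules tree, parses each package.json it finds, and lists the packages that declare a lifecycle hook, without ever invoking npm or node. The tree is constructed in memory with the standard library’s testing/fstest so the example runs offline; the package names and script bodies are made up.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"path"
	"sort"
	"strings"
	"testing/fstest"
)

// lifecycleHooks are the npm scripts that run automatically during `npm install`.
var lifecycleHooks = []string{"preinstall", "install", "postinstall", "prepare"}

// HookFinding is one installed package whose manifest declares an install-time script.
type HookFinding struct {
	Package string            `json:"package"`
	Version string            `json:"version"`
	Path    string            `json:"path"`
	Hooks   map[string]string `json:"hooks"`
}

// manifest is the subset of package.json the scan needs.
type manifest struct {
	Name    string            `json:"name"`
	Version string            `json:"version"`
	Scripts map[string]string `json:"scripts"`
}

// FindInstallHooks walks a node_modules tree read-only and reports every
// package.json that declares a lifecycle hook. It never runs npm or node, so a
// booby-trapped hook gets listed, not triggered.
func FindInstallHooks(fsys fs.FS, root string) ([]HookFinding, error) {
	var findings []HookFinding
	err := fs.WalkDir(fsys, root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() || d.Name() != "package.json" {
			return nil
		}
		// Only manifests directly under node_modules/<pkg> or node_modules/@scope/<pkg>
		// describe installed packages; the project's own package.json is skipped.
		if !isPackageDir(path.Dir(p)) {
			return nil
		}
		data, err := fs.ReadFile(fsys, p)
		if err != nil {
			return err
		}
		var m manifest
		if err := json.Unmarshal(data, &m); err != nil {
			return nil // unparsable manifest: skip rather than abort the whole sweep
		}
		hooks := map[string]string{}
		for _, h := range lifecycleHooks {
			if cmd, ok := m.Scripts[h]; ok {
				hooks[h] = cmd
			}
		}
		if len(hooks) > 0 {
			findings = append(findings, HookFinding{m.Name, m.Version, p, hooks})
		}
		return nil
	})
	sort.Slice(findings, func(i, j int) bool { return findings[i].Path < findings[j].Path })
	return findings, err
}

// isPackageDir is true for node_modules/<pkg> and node_modules/@scope/<pkg>.
func isPackageDir(dir string) bool {
	parent := path.Dir(dir)
	if path.Base(parent) == "node_modules" {
		return true
	}
	return strings.HasPrefix(path.Base(parent), "@") && path.Base(path.Dir(parent)) == "node_modules"
}

// sampleTree is a constructed node_modules snapshot, not a real install.
var sampleTree = fstest.MapFS{
	"package.json":                                               {Data: []byte(`{"name":"my-app","version":"1.0.0","scripts":{"prepare":"husky"}}`)},
	"node_modules/left-pad/package.json":                         {Data: []byte(`{"name":"left-pad","version":"1.3.0","scripts":{"test":"node test"}}`)},
	"node_modules/sharp/package.json":                            {Data: []byte(`{"name":"sharp","version":"0.33.2","scripts":{"install":"node install/check"}}`)},
	"node_modules/@evil/helper/package.json":                     {Data: []byte(`{"name":"@evil/helper","version":"9.9.9","scripts":{"postinstall":"node ./lib/telemetry.js"}}`)},
	"node_modules/@evil/helper/node_modules/nested/package.json": {Data: []byte(`{"name":"nested","version":"0.0.1","scripts":{"preinstall":"node setup.js"}}`)},
}

func main() {
	findings, err := FindInstallHooks(sampleTree, ".")
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(findings, "", "  ")
	fmt.Println(string(out))
}
```

Point FindInstallHooks at os.DirFS of a real project and it reports three things per package: the hook name, the exact command npm would have run, and where the manifest lives. Nothing is executed, so a sharp-style native build step and a hostile postinstall look identical to the scanner; deciding which is which is the reader’s job, which is exactly the point.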

The trick nobody else was doing

Plenty of tools scan your packages. Bumblebee’s standout move is that it also reads your MCP configuration files: the small JSON files that tell Claude Desktop, Cursor and the Gemini CLI which MCP servers your AI assistant may talk to and, for local servers, which command to run to start them. As developers wire more AI agents into their daily workflow, those configs have quietly become one of the juiciest targets on the machine. A single altered entry means the editor launches an attacker’s command every time it starts, and almost nothing else was checking them.

All told, it sweeps eight package ecosystems — npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems and Composer — plus VS Code, Cursor and Windsurf extensions and Chromium and Firefox add-ons. During a live incident, a responder can point its “deep” profile at an entire home directory and get back a clean, machine-readable list of everything worth worrying about in seconds, without tripping a single trap.
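To show what “reading an MCP config” can catch, the following Go is an added example (not Bumblebee’s code) that parses a Claude Desktop or Cursor style mcpServers block and emits machine-readable findings. The field layout (command, args, env, url) is assumed from those clients’ documented config formats; the severity labels and the list of download-and-run launchers are this example’s own choices, and the config it inspects is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// mcpServer is one entry under "mcpServers" in the JSON that Claude Desktop and
// Cursor read: stdio servers carry command/args/env, remote ones a url.
// (Field names assumed from those clients' documented formats; extra keys are ignored.)
type mcpServer struct {
	Command string            `json:"command"`
	Args    []string          `json:"args"`
	Env     map[string]string `json:"env"`
	URL     string            `json:"url"`
}

// MCPFinding is one machine-readable observation about a server entry.
type MCPFinding struct{ Server, Severity, Reason, Detail string }

// fetchAndRun launchers pull a package from a registry and execute it at
// start-up, so a tampered entry here is an `npm install` in disguise.
var fetchAndRun = map[string]bool{"npx": true, "bunx": true, "uvx": true, "pipx": true}

// shells take arbitrary code as their arguments.
var shells = map[string]bool{"sh": true, "bash": true, "zsh": true, "cmd": true, "powershell": true, "pwsh": true}

// AuditMCPConfig inspects raw config bytes and returns findings. It only reads
// JSON; nothing the config names is launched or contacted.
func AuditMCPConfig(raw []byte) ([]MCPFinding, error) {
	var cfg struct {
		Servers map[string]mcpServer `json:"mcpServers"`
	}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse mcp config: %w", err)
	}
	var out []MCPFinding
	for name, s := range cfg.Servers {
		cmdline := strings.TrimSpace(s.Command + " " + strings.Join(s.Args, " "))
		switch base := baseName(s.Command); {
		case fetchAndRun[base]:
			out = append(out, MCPFinding{name, "high", "launcher downloads and runs a package at start-up", cmdline})
		case shells[base]:
			out = append(out, MCPFinding{name, "high", "server entry is a shell one-liner", cmdline})
		case s.Command != "" && !strings.ContainsAny(s.Command, `/\`):
			// A bare name is resolved through PATH, so whatever shadows it wins.
			out = append(out, MCPFinding{name, "medium", "command resolved via PATH, not an absolute path", cmdline})
		}
		if strings.HasPrefix(strings.ToLower(s.URL), "http://") {
			out = append(out, MCPFinding{name, "medium", "remote server reached over plaintext http", s.URL})
		}
		for k := range s.Env {
			if u := strings.ToUpper(k); strings.Contains(u, "TOKEN") || strings.Contains(u, "SECRET") ||
				strings.Contains(u, "KEY") || strings.Contains(u, "PASSWORD") {
				// Report the variable name only; a scanner must never echo the secret itself.
				out = append(out, MCPFinding{name, "info", "credential stored inline in config env", k})
			}
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Server != out[j].Server {
			return out[i].Server < out[j].Server
		}
		return out[i].Reason < out[j].Reason
	})
	return out, nil
}

// baseName lowercases the final path element of a command and drops Windows
// launcher suffixes ("C:\Tools\NPX.CMD" -> "npx").
func baseName(cmd string) string {
	cmd = strings.TrimSpace(cmd)
	if i := strings.LastIndexAny(cmd, `/\`); i >= 0 {
		cmd = cmd[i+1:]
	}
	cmd = strings.ToLower(cmd)
	return strings.TrimSuffix(strings.TrimSuffix(cmd, ".exe"), ".cmd")
}

// sampleConfig is a constructed claude_desktop_config.json-style file, not a real one.
const sampleConfig = `{
  "mcpServers": {
    "filesystem": {"command": "/usr/local/bin/mcp-fs", "args": ["/home/dev/projects"]},
    "github":     {"command": "npx", "args": ["-y", "@example/github-mcp"], "env": {"GITHUB_TOKEN": "ghp_redacted"}},
    "helper":     {"command": "sh", "args": ["-c", "node ~/.tools/helper.js"]},
    "remote":     {"url": "http://mcp.example.invalid/sse"}
  }
}`

func main() {
	findings, err := AuditMCPConfig([]byte(sampleConfig))
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(findings, "", "  ")
	fmt.Println(string(out))
}
```

The output is JSON a responder can pipe into anything else. Note the order of the switch: an npx entry is also a bare PATH lookup, but the download-and-run finding is the one that matters, so it wins; and an absolute-path binary with no env secrets produces no noise at all.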

When It All Goes Wrong: The 2026 Worm Season

In May 2026, the npm ecosystem had its worst month on record. A worm dubbed “Mini Shai-Hulud” hijacked TanStack’s own trusted release pipeline, sneaking malicious code into 84 package builds across 42 projects by abusing GitHub Actions and OIDC tokens — which meant the poisoned versions were signed and shipped by the real maintainers’ automation. A check that only asks “did this come from the official workflow?” would have waved them through.

It didn’t stop there. The same wave hit packages tied to Mistral AI and OpenSearch, and a separate look-alike package quietly siphoned off OpenAI Codex authentication tokens. All told, researchers counted more than 170 compromised npm packages in just a few weeks.

The pattern is the scary part: attackers have stopped knocking on the front door. They quietly take over a trusted maintainer’s account or build server, then let your own install command finish the job.

How to keep your laptop off the menu

You don’t need a security team to dodge most of this. A handful of habits go a long way:

  • Pin your dependencies: commit a lockfile and install from it with a clean install (npm ci, which refuses to run if package.json and the lockfile disagree) so you get exactly what you reviewed, not whatever shipped overnight.

  • Turn off install scripts by default: put ignore-scripts=true in your project’s .npmrc (or run npm with --ignore-scripts) so the postinstall hooks most of these payloads rely on never fire. The few packages with genuine native build steps will need their scripts; run those individually, on purpose, after you have read what the script does.

  • Scan before you trust: tools like Bumblebee check a machine without ever running the suspect code.

  • Treat your AI configs like passwords: review what your MCP servers and editor extensions are actually allowed to connect to.

  • Slow down on overnight updates: a package that jumped three versions while you slept is worth a second look before it touches your build.
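A concrete version of the first and last habits, as an added Go example rather than anything from Bumblebee: compare the lockfile you committed with the one a fresh npm install just rewrote, and flag what changed before you run npm ci. It relies on two real fields of a lockfile v2/v3 “packages” entry, the per-package integrity hash and npm’s hasInstallScript marker; the two snapshots below are constructed, and the severity labels are this example’s own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// lockEntry is the slice of a package-lock.json v2/v3 "packages" entry the diff
// needs; hasInstallScript is npm's own marker for a package with install hooks.
type lockEntry struct {
	Version          string `json:"version"`
	Integrity        string `json:"integrity"`
	HasInstallScript bool   `json:"hasInstallScript"`
}

// LockChange is one difference between two lockfile snapshots worth reading.
type LockChange struct{ Package, Kind, Severity, Before, After string }

// DiffLockfiles compares the committed lockfile with the one a fresh `npm install`
// just rewrote and flags what to review before `npm ci`. It parses JSON only.
func DiffLockfiles(oldRaw, newRaw []byte) ([]LockChange, error) {
	var o, n struct {
		Packages map[string]lockEntry `json:"packages"`
	}
	if err := json.Unmarshal(oldRaw, &o); err != nil {
		return nil, fmt.Errorf("old lockfile: %w", err)
	}
	if err := json.Unmarshal(newRaw, &n); err != nil {
		return nil, fmt.Errorf("new lockfile: %w", err)
	}
	if len(o.Packages) == 0 || len(n.Packages) == 0 {
		return nil, fmt.Errorf("no \"packages\" map: need lockfileVersion 2 or 3")
	}
	var out []LockChange
	for p, cur := range n.Packages {
		if p == "" { // the "" key is the root project itself, not a dependency
			continue
		}
		name := depName(p)
		prev, existed := o.Packages[p]
		if !existed { // brand new; worse if it also runs code at install time
			sev := map[bool]string{false: "medium", true: "high"}[cur.HasInstallScript]
			out = append(out, LockChange{name, "added", sev, "", cur.Version})
			continue
		}
		switch {
		case prev.Version == cur.Version && prev.Integrity != "" && prev.Integrity != cur.Integrity:
			// npm never lets a published version be replaced, so a new tarball hash at the
			// same version means the artifact changed (or the hash algorithm did: check the prefix).
			out = append(out, LockChange{name, "integrity-changed", "high", prev.Integrity, cur.Integrity})
		case prev.Version != cur.Version && majorOf(cur.Version) > majorOf(prev.Version):
			out = append(out, LockChange{name, "major-bump", "medium", prev.Version, cur.Version})
		case prev.Version != cur.Version:
			out = append(out, LockChange{name, "version-bump", "low", prev.Version, cur.Version})
		}
		if !prev.HasInstallScript && cur.HasInstallScript {
			out = append(out, LockChange{name, "gained-install-script", "high", prev.Version, cur.Version})
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Package != out[j].Package {
			return out[i].Package < out[j].Package
		}
		return out[i].Kind < out[j].Kind
	})
	return out, nil
}

// depName turns "node_modules/a/node_modules/@s/b" into "@s/b".
func depName(p string) string {
	if i := strings.LastIndex(p, "node_modules/"); i >= 0 {
		return p[i+len("node_modules/"):]
	}
	return p
}

// majorOf returns the leading semver component, or -1 if it will not parse.
func majorOf(v string) int {
	n, err := strconv.Atoi(strings.SplitN(strings.TrimPrefix(v, "v"), ".", 2)[0])
	if err != nil {
		return -1
	}
	return n
}

// Constructed snapshots: the lockfile as committed, and as rewritten overnight.
const oldLock = `{"lockfileVersion":3,"packages":{"":{"name":"app"},
 "node_modules/@tanstack/query-core":{"version":"5.40.0","integrity":"sha512-AAA"},
 "node_modules/lodash":{"version":"4.17.21","integrity":"sha512-BBB"},
 "node_modules/ms":{"version":"2.1.3","integrity":"sha512-CCC"}}}`

const newLock = `{"lockfileVersion":3,"packages":{"":{"name":"app"},
 "node_modules/@tanstack/query-core":{"version":"5.40.0","integrity":"sha512-ZZZ"},
 "node_modules/lodash":{"version":"5.0.0","integrity":"sha512-BB2"},
 "node_modules/ms":{"version":"2.1.4","integrity":"sha512-CC2","hasInstallScript":true},
 "node_modules/colors-helper":{"version":"2.0.0","integrity":"sha512-DDD","hasInstallScript":true}}}`

func main() {
	changes, err := DiffLockfiles([]byte(oldLock), []byte(newLock))
	if err != nil {
		panic(err)
	}
	for _, c := range changes {
		fmt.Printf("%-6s %-21s %-21s %s -> %s\n", c.Severity, c.Kind, c.Package, c.Before, c.After)
	}
}
```

The most valuable line this produces is the integrity-changed one: a tarball whose hash differs at an unchanged version number is precisely what a hijacked release pipeline looks like from the outside, and it is visible in the lockfile before a single byte of the package runs. In a real workflow the two inputs are `git show HEAD:package-lock.json` and the working copy.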

Bumblebee won’t fix the supply chain by itself, but it’s a rare security tool that makes the safe choice the easy one — and on a week like this one, that’s worth the download.

Stay sharp out there,

— The itscybernews Team

P.S. Know a developer who still audits packages by running them? Do them a favour and forward this along. Sharing itscybernews is the easiest way to keep your whole team off the menu — and it helps us keep the lights on too.