RED-LILI is a software supply chain threat actor which has published over 1500 malicious packages. As Checkmarx uncovered, this attacker has demonstrated new techniques that power him with automated NPM account creation.
This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.
Visit https://red-lili.info
The original package evidence sample files as they were originally published to NPM included with related metadata are available in the ./samples directory. Make sure to read the README.md file before usage.