docs: Update README with supply chain protection features

README.md

@@ -5,23 +5,37 @@
 [![license](https://img.shields.io/npm/l/patchpilot)](https://github.com/ProduktEntdecker/patchpilot-cli/blob/main/LICENSE)
 [![Node.js](https://img.shields.io/node/v/patchpilot)](https://nodejs.org)
 
-Security scanner for vibe coders. Automatically checks npm, pip, and brew packages for vulnerabilities before Claude Code installs them.
+Security scanner for vibe coders. Automatically checks npm, pip, and brew packages for vulnerabilities **and** supply chain risks before Claude Code installs them.
 
 ## How It Works
 
-PatchPilot is a Claude Code **pre-execution hook** that intercepts install commands:
+PatchPilot is a Claude Code **pre-execution hook** that intercepts install commands and runs two checks in parallel:
 
-```
+```text
 You: "install lodash for me"
          ↓
 Claude: "npm install lodash@4.17.0"
          ↓
-PatchPilot: Checks OSV database
+PatchPilot: ┌─ OSV database (known CVEs)
+            └─ Registry metadata (supply chain signals)
          ↓
 BLOCKED: 4 vulnerabilities found (1 critical, 3 high)
 ```
 
-Uses the [OSV (Open Source Vulnerabilities)](https://osv.dev/) database - the same data source as `npm audit`.
+### Supply Chain Protection
+
+After the [Axios supply chain attack](https://www.a16z.news/p/et-tu-agent-did-you-install-the-backdoor) (March 2026), where a hijacked maintainer account injected a brand-new malicious dependency, PatchPilot now detects:
+
+| Check | What it catches | Threshold |
+|-------|----------------|-----------|
+| **Version Quarantine** | Recently published versions — suggests previous stable release | < 72 hours old |
+| **New Package Detection** | Brand-new packages with no history | < 7 days old |
+| **Low Downloads** | Packages with no community adoption (npm only) | < 100/week |
+| **Typosquat Detection** | Names 1–2 edits away from popular packages (`lodahs` → `lodash`) | offline, curated list |
+
+All three would have caught `plain-crypto-js`, the malicious package used in the Axios attack.
+
+Supply chain checks return `ask` (not `deny`) — you decide whether to proceed. CVE-based blocks remain automatic.
 
 ## Installation
 
@@ -103,11 +117,16 @@ NODE_ENV=production npm install evil-pkg
 
 ## Decision Logic
 
-| Severity | Action |
-|----------|--------|
-| CRITICAL or HIGH | **Block** - requires manual approval |
-| MODERATE or LOW | **Allow** - with warning message |
-| None found | **Allow** |
+| Source | Severity | Action |
+|--------|----------|--------|
+| **Malware** | Known malicious package (OSV `MAL-*`) | **Block** — requires manual approval |
+| **CVE** | CRITICAL or HIGH | **Block** — requires manual approval |
+| **CVE** | MODERATE or unscored (UNKNOWN) | **Ask** — you decide |
+| **CVE** | LOW | **Allow** — with warning |
+| **Supply Chain** | Version < 72h / New package / Low downloads / Typosquat | **Ask** — you decide |
+| None found | — | **Allow** |
+
+Supply chain checks run in parallel with CVE checks (low added latency) and fail-open — if the registry is unreachable, installs proceed normally.
 
 ## Accuracy
 
@@ -123,7 +142,8 @@ querying OSV without a version — preserving fail-closed behavior for unknown p
 
 - **Homebrew**: OSV has no vulnerability database for Homebrew packages. Brew commands are detected but not checked.
 - **Private registries**: Only public npm and PyPI packages are checked.
-- **Offline**: Requires internet connection to query OSV API.
+- **Offline**: Requires internet connection to query OSV API and package registries.
+- **Zero-day CVEs**: Supply chain heuristics catch suspicious metadata patterns, but cannot detect all novel attack vectors.
 - **Local `npx <tool>`**: PatchPilot treats `npx <tool>` as a potential install. If the tool is already installed in `./node_modules/.bin/`, npx runs the local copy and nothing is downloaded — but the OSV check still runs against the latest published version.
 
 ## Development