The research program
The security research program behind codelake. Continuous threat intelligence across the software supply chain — npm, Composer and the MCP / AI agent ecosystem.
codelake Research is the threat-intelligence program of codelake Technologies LLC, focused on the security of the software supply chain — npm, Composer and the emerging MCP / AI agent ecosystem. We collect supply-chain and protocol-level intelligence continuously, strictly separated from any customer data, and publish it openly.
We build scanners before we write reports. Everything we publish is sourced; where the data is uncertain, we say so.
Confirmed findings are published as advisories under the CLR-YYYY-NNNN scheme in an OSV-compatible (Open Source Vulnerability schema) format, freely available to the ecosystem. A hard architectural boundary separates the research store from any customer or tenant data.
No customer or tenant data informs any finding we publish. Where multiple public sources conflict, we report the range and name the counting basis rather than choosing a single figure.