Inspiration
The recent surge in high-profile software supply chain attacks—from the XZ Utils backdoor to Log4Shell—proved a terrifying reality: securing our own code isn't enough. Modern applications rely on thousands of transitive dependencies, creating an invisible attack surface.
When developers use traditional security scanners, they are often bombarded with flat, overwhelming lists of CVEs devoid of context. We realized that to truly understand and prioritize supply chain risks, we needed to see the blast radius. We were inspired to build a tool that visualizes these complex dependency relationships and enriches them with real-world threat intelligence, turning abstract vulnerabilities into actionable, visual data.
What it does
PHANTOM GRID is a next-generation software supply chain security intelligence platform.
You simply paste your package.json or provide a GitHub repository URL, and the platform goes to work:
- Dependency Mapping: It resolves direct and deep transitive dependencies, mapping the entire architecture.
- Vulnerability Scanning: It cross-references components against NVD and OSV.dev to find known CVEs.
- Threat Enrichment: It polls 6 live threat intelligence APIs (including Shodan, AbuseIPDB, GreyNoise, and URLhaus) to identify malicious infrastructure connections.
- Secret Detection: It scans for 18+ types of exposed API keys and credentials.
- Graph Analysis: It models all this data in a Neo4j graph database to calculate complex attack propagation paths.

The result is presented in a sleek, interactive dashboard featuring a weighted security score, vulnerability breakdown charts, and a glowing, force-directed dependency graph.
How we built it
We architected PHANTOM GRID as a modern, high-performance web application:
- Backend: Node.js and Express form the core API, handling manifest parsing, asynchronous scanning, and data normalization.
- Database: We utilized Neo4j Aura DB as the backbone. By modeling dependencies, vulnerabilities, and threats as nodes and edges, we could use Cypher queries to instantly map attack paths from a 5th-level dependency straight to the root project.
- Integrations: We built custom client wrappers to asynchronously aggregate data from 6 different open-source security APIs, complete with token bucket rate-limiting.
- Frontend: We opted for a lightweight, zero-dependency Vanilla JS architecture. The UI features a custom cyberpunk-themed design system, Chart.js for analytics, and the HTML5 Canvas API for rendering the complex force-directed graph physics.
Challenges we ran into
- Data Normalization: Aggregating data from 6 different security APIs was incredibly challenging. Each provider uses different schemas, severity scales (e.g., CVSS vs. custom risk levels), and rate limits. We had to build robust normalization middleware to unify this into a single scoring engine.
- Graph Visualization: Rendering dozens of nodes and complex relationships dynamically without performance lag was difficult. We had to implement a custom physics-based force layout algorithm and handle Canvas resizing and requestAnimationFrame loops to get the smooth, glowing "phantom" aesthetic we wanted.
- Scoring Logic: Designing a weighted algorithm that accurately penalizes a project for critical CVEs and deep transitive risks—without immediately dropping every project to a score of zero—required significant fine-tuning.
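As an added illustration (not PHANTOM GRID's own code), here is a small in-memory version of the two mechanisms described above: the root-to-dependency path tracing that the platform's Cypher queries perform in Neo4j, and a depth-decayed weighted score that penalizes critical and transitive findings without collapsing to zero. The dependency graph, the finding ids and the weights are constructed assumptions.

```javascript
// Added example, not PHANTOM GRID's own code. Constructed dependency graph
// standing in for the Neo4j model: package -> packages it depends on.
// In the real platform this is resolved from package.json.
const sampleGraph = {
  'my-app': ['web-framework', 'log-lib'],
  'web-framework': ['http-parser', 'util-lib'],
  'http-parser': ['string-utils'],
  'string-utils': ['tiny-helper'],
  'util-lib': ['web-framework'], // constructed cycle; must not loop forever
  'log-lib': ['tiny-helper'],
  'tiny-helper': [],
};

// Constructed findings: CVSS base scores (0-10) with placeholder ids.
const sampleFindings = {
  'tiny-helper': [{ id: 'PLACEHOLDER-CVE-1', cvss: 9.8 }],
  'log-lib': [{ id: 'PLACEHOLDER-CVE-2', cvss: 5.3 }],
};

// Every simple path from root to target, i.e. what a variable-length
// Cypher match like (root)-[:DEPENDS_ON*]->(pkg) would return.
// Nodes already on the current path are skipped so cycles terminate.
function attackPaths(graph, root, target) {
  const paths = [];
  (function walk(node, path) {
    if (node === target) { paths.push([...path]); return; }
    for (const next of graph[node] || []) {
      if (path.includes(next)) continue; // cycle: already on this path
      path.push(next);
      walk(next, path);
      path.pop();
    }
  })(root, [root]);
  return paths;
}

// Weighted score: start at 100 and subtract one penalty per finding.
// Penalty grows with CVSS and decays by 0.75 per extra hop along the
// shortest path, so a deep transitive issue still counts but cannot
// zero the score by itself. Unreachable packages add no risk. Floor at 0.
function securityScore(graph, root, findings) {
  let penalty = 0;
  for (const [pkg, vulns] of Object.entries(findings)) {
    const paths = attackPaths(graph, root, pkg);
    if (paths.length === 0) continue;
    const depth = Math.min(...paths.map(p => p.length - 1));
    for (const v of vulns) penalty += v.cvss * 4 * Math.pow(0.75, depth - 1);
  }
  return Math.max(0, Math.round((100 - penalty) * 10) / 10);
}
```

With the constructed data, tiny-helper is reached by two paths (shortest depth 2) and the project scores 49.4; the 0.75 decay factor and the CVSS multiplier are the knobs the write-up describes fine-tuning.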
Accomplishments that we're proud of
We are incredibly proud of successfully integrating Neo4j Aura DB to handle real-time threat mapping. Watching a Cypher query instantly traverse a deeply nested dependency tree to highlight an active attack path is incredibly satisfying.
We are also proud of the frontend aesthetic. We built a professional-grade, highly responsive Security Operations Center (SOC) dashboard from scratch using Vanilla JS and CSS, proving you don't always need heavy frameworks to build beautiful, reactive interfaces.
What we learned
- The Power of Graph Databases: We learned firsthand why graph databases are the industry standard for cybersecurity. Relational databases struggle with deep hierarchical queries, but Neo4j allowed us to trace complex attack vectors with simple, performant queries.
- Canvas API Mastery: We leveled up our frontend skills by building a physics-based rendering engine directly in HTML5 Canvas, learning how to manage dynamic coordinate systems and complex shadow rendering.
- Threat Intel Ecosystems: We gained deep exposure to the open-source threat intelligence community and learned how to effectively utilize APIs from Shodan, NVD, and OSV.dev.
What's next for PHANTOM GRID
Our immediate next steps include:
- Automated Remediation: Integrating automated pull requests to instantly bump vulnerable dependencies to secure versions.
- CI/CD Integration: Building a GitHub Action plugin to automatically run PHANTOM GRID scans during the build process, failing the pipeline if the Security Score drops below a defined threshold.
- Predictive Analytics: Implementing machine learning models to analyze maintainer activity patterns and predict which currently benign packages are at a high risk of being compromised in the future.
Built With
- abuseipdb
- chart.js
- css3
- express.js
- greynoise
- html5
- javascript
- neo4j
- node.js
- nvd-api
- osv.dev
- shodan
- urlhaus