
npm Dependency Firewall

npm is the most targeted package ecosystem in the world. Typosquats, account takeovers and malicious maintainer commits have injected malware into packages with millions of weekly downloads. The npm Dependency Firewall blocks them before your developers or pipelines ever see them.

Bytesafe Dependency Firewall sits in front of your existing repository, protecting developers, CI/CD pipelines and AI agents.

EU-based company · Software supply chain security since 2018.

Dashboard mock-up (bytesafe.dev / Firewall): 47 blocked today, 1,284 requests today, 12 active rules.

| Package | Rule | Status |
|---|---|---|
| malicious-pkg@2.1.0 | Malware scan | BLOCKED |
| lodash@4.17.20 | CVSS ≥ 7.0 | BLOCKED |
| react@19.1.1 | Allowlist | APPROVED |
| new-release@0.0.1 | Age < 7 days | DELAYED |
| axios@1.7.9 | Allowlist | APPROVED |

Summary cards: Blocked (malicious-pkg@2.1.0, Malware) · By Exception (lodash@4.17.21, Exception) · Delayed (new-release@0.0.1, Age < 7d) · Approved (react@19.1.1, Allowlist)

Supply chain attacks on npm

A selection of documented supply chain attacks on npm. The npm ecosystem has been targeted by malicious packages, account takeovers, and dependency confusion attacks.

axios (typosquats) · 2026 · Malicious packages

Malicious packages impersonate axios and other high-traffic libraries using one-letter name differences: axois, axious, axxios. They are published continuously and contain credential-stealing payloads. Blocked by malware signature matching.

tanstack · 2026 · Malware

Malicious packages impersonating @tanstack/react-query and related packages were published to npm. The attack targeted the same publication-to-detection window as shai-hulud. A safety delay would have held the versions before any developer could install them.

shai-hulud · 2025+ · Malware

A family of malicious npm packages (shai-hulud, shai-hulud-v2, shai-hulud-mini) published to exploit the window between publication and detection. Bytesafe's zero-day safety delay holds newly published versions for a configurable window before they reach developers.

node-ipc · 2022 · Maintainer sabotage

The maintainer deliberately published a version that detected Ukrainian or Russian IP addresses and overwrote files on disk. The package was a transitive dependency of the popular vue-cli toolchain.

colors.js / faker.js · 2022 · Maintainer sabotage

The maintainer published versions that caused applications to print infinite ANSI sequences and nonsense strings to stdout. Thousands of applications broke on upgrade without any warning.

Dependency confusion · 2021+ · Namespace attack

Attackers register public npm packages with the same name as internal packages. npm resolves the public version by default. The firewall ensures internal packages always win.

ua-parser-js · 2021 · Account takeover

An attacker gained access to the maintainer's npm account and published three malicious versions. The injected payload installed a cryptominer and a credential-stealing trojan. The package had over 8 million weekly downloads at the time.

event-stream · 2018 · Maintainer handoff

A maintainer transferred ownership to an unknown account. The new maintainer injected code that stole Bitcoin wallet keys from a specific Copay application. The package had 2 million weekly downloads.

eslint-scope · 2018 · Account takeover

The maintainer's npm token was stolen via a compromised package. The attacker published a new version that exfiltrated the npm credentials of anyone who ran npm install.

Dependency Firewall does not prevent all attacks, but blocks packages that match known malware signatures, fail provenance checks, or violate your policies.

Intercepts every npm package request before it reaches you.

Every package install is a potential entry point. Traditional SCA tools find problems after packages are already in your environment. Dependency Firewall intercepts every npm request before it reaches your developers, CI/CD pipelines or AI agents.

You define the rules: block packages with known CVEs, block known malicious packages, or delay newly published versions for a configurable period to give the ecosystem community time to surface zero-day threats.

Works in front of enterprise repository platforms and any npm registry. No agent installs. No workflow changes.

Diagram: Public npm registry (vulnerable and malicious versions included) → risky packages → Bytesafe Dependency Firewall (policy engine) → vetted packages only → developers and CI/CD (internal environment)

Dependency Firewall capabilities

Policy controls, malware blocking, package delay, provenance checks, publish scanning, and full audit visibility across every npm request.

Policy engine

Rules by package name, version range, age, source, license and custom criteria. Block or log-only, with time-limited exceptions. Re-evaluated on every request.

Vulnerability blocking

Block packages with known CVEs before install. Filter by CVSS and EPSS severity per registry or team. New advisories take effect immediately.

Malware scanning

Detect malicious payloads, suspicious install hooks and obfuscated code before execution. Quarantined packages are logged and never silently dropped.

Provenance verification

Verify packages were built by expected publishers using Sigstore and SLSA attestations. Detect pipeline swaps and version downgrades early.

Dependency confusion

Block namespace attacks where public packages impersonate your internal ones. Configurable upstream priority rules ensure private packages always win.

Zero-day safety delay

Hold newly published versions for a configurable window (7 or 14 days) before they reach developers or pipelines. Gives the ecosystem time to surface threats.

Package observations

Every package is fingerprinted: first-seen date, download frequency, requester, version age. Know exactly what passed through and when.

Audit logging

Every block, allow and exception is recorded and exportable to your SIEM. Built to make security teams and auditors happy out of the box.

Publish scanning

Packages are scanned for malware, secrets, and sensitive data before they are published to an upstream registry.

Add a security layer to npm

Route npm package traffic through Dependency Firewall, define policies for what's allowed and let the firewall block the rest. Developers and pipelines keep their existing package manager commands.

01. Route npm requests through Dependency Firewall

Point your npm configuration at Dependency Firewall. Every install request passes through the firewall before reaching the registry or your environment.

02. Define your security policies

Set vulnerability thresholds, enable malware scanning, configure safety delays for new versions and write allowlist or blocklist rules. Create multiple firewalls with individual rules for different teams or projects.

03. Bad packages are blocked. Safe ones flow through.

Every request is evaluated in real time. Blocked packages are logged with the policy that triggered them. Approved packages are served transparently.

Configure your npm proxy in one command

Point npm, yarn, pnpm or Bun at your Bytesafe Dependency Firewall endpoint. Existing package manager commands and lock files continue to work without changes.

Works with the repositories you already use

JFrog Artifactory
Sonatype Nexus
GitLab
GitHub Packages
Azure Artifacts
AWS CodeArtifact

Firewall rules

Each rule targets an ecosystem and applies a condition: vulnerability severity, package age, license type or name pattern. Rules either block or log. Stack multiple rules per firewall. Changes take effect immediately.

Security teams can start with broad guardrails, then narrow policies by upstream, package, version range, internal status, maximum age, CVSS score and EPSS score.
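As an added illustration (not Bytesafe's own code or rule format), the following JavaScript models how stacked rules like those in the dashboard mock-up are evaluated per request: block rules for malware and CVSS, a safety delay, a log-only license rule and a time-limited exception. The rule shapes, action names and package metadata fields are assumptions made for this example, and the sample advisory data is constructed.

```javascript
// Added illustration, not Bytesafe's code: a small policy engine in the spirit
// of the rules described above. Rule shapes, actions and the package metadata
// fields (advisories, malwareHits, publishedAt, license) are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;

// A rule pairs a predicate over package metadata with an action.
// "block" and "delay" stop the request; "log" only records a hit.
function defaultRules(now) {
  return [
    { name: "Malware scan", action: "block", match: (p) => p.malwareHits > 0 },
    { name: "CVSS >= 7.0", action: "block",
      match: (p) => p.advisories.some((a) => a.cvss >= 7.0) },
    { name: "Age < 7 days", action: "delay",
      match: (p) => now - p.publishedAt < 7 * DAY_MS },
    { name: "Copyleft license", action: "log", match: (p) => /GPL/.test(p.license) },
  ];
}

// Evaluate one request. Rules are checked in order and the first blocking or
// delaying hit decides. `exceptions` maps "name@version" to an expiry time;
// an unexpired exception downgrades block/delay to an approval that is still
// recorded, so the audit trail shows why the package went through.
function evaluate(pkg, rules, exceptions, now) {
  const id = `${pkg.name}@${pkg.version}`;
  const hits = rules.filter((r) => r.match(pkg));
  const stopper = hits.find((r) => r.action !== "log");
  const excepted = (exceptions[id] ?? 0) > now;
  let status = "APPROVED";
  if (stopper && excepted) status = "APPROVED (exception)";
  else if (stopper) status = stopper.action === "block" ? "BLOCKED" : "DELAYED";
  return { id, status, rule: stopper ? stopper.name : null, hits: hits.map((r) => r.name) };
}

// Constructed sample requests and metadata (advisory ids and scores are not real data).
const NOW = Date.UTC(2025, 0, 15);
const samples = [
  { name: "malicious-pkg", version: "2.1.0", malwareHits: 1, advisories: [], license: "MIT", publishedAt: NOW - 2 * DAY_MS },
  { name: "lodash", version: "4.17.20", malwareHits: 0, advisories: [{ id: "SAMPLE-1", cvss: 7.5 }], license: "MIT", publishedAt: NOW - 900 * DAY_MS },
  { name: "lodash", version: "4.17.21", malwareHits: 0, advisories: [{ id: "SAMPLE-2", cvss: 7.5 }], license: "MIT", publishedAt: NOW - 800 * DAY_MS },
  { name: "new-release", version: "0.0.1", malwareHits: 0, advisories: [], license: "GPL-3.0", publishedAt: NOW - 2 * DAY_MS },
  { name: "react", version: "19.1.1", malwareHits: 0, advisories: [], license: "MIT", publishedAt: NOW - 60 * DAY_MS },
];
const exceptions = { "lodash@4.17.21": NOW + 30 * DAY_MS }; // time-limited exception, expires in 30 days

function runSamples() {
  return samples.map((p) => evaluate(p, defaultRules(NOW), exceptions, NOW));
}

for (const r of runSamples()) console.log(r.status.padEnd(20), r.id, r.rule ?? "", r.hits.join(","));
```

Note that the delayed package also records the log-only license hit, which is the kind of detail a developer wants when asking why an install failed.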

Dependency Firewall rules configuration

Live firewall logs

Every blocked package is logged: package name, version, status, ecosystem, which firewall evaluated it, which rule triggered and who requested it. Filter by firewall or user.

The log view gives developers a fast answer when an install fails and gives AppSec a complete audit trail for policy enforcement.

Live request log with blocked packages and rule details

Package details and scorecards

Open a package to review advisories, licenses, project metadata, OpenSSF Scorecard checks, dependency counts and source links before deciding whether to block, allow or investigate further.

The package page brings runtime firewall context together with upstream project health. Security teams can compare CVEs, maintainer signals, and repository hygiene from the same screen.

Dependency Firewall package details with security advisories and OpenSSF Scorecard

Sits in front of what you already run

Other enterprise dependency firewalls are often bundled into repository platforms. Dependency Firewall is an independent firewall that works with any registry and is built in the EU.

| Criterion | Dependency Firewall | Other enterprise firewalls |
|---|---|---|
| Works with your existing repository | Yes, as a proxy in front of it | Bundled into their platform (most often) |
| Deploys in minutes | Yes | Usually weeks of platform work (most often) |
| Predictable pricing | Flat, no usage-based fees | Usage-based or opaque (most often) |
| EU data sovereignty | Yes | No, US-based (most often) |

npm Dependency Firewall: frequently asked questions

Common questions from security and engineering teams.

How do I configure npm to use Bytesafe Dependency Firewall?
Run `npm config set registry https://registry.bytesafe.dev/r/<firewall-id>/` with your firewall ID from the Bytesafe dashboard. Yarn, pnpm and Bun support the same approach via their respective config files. See docs.bytesafe.dev for step-by-step instructions.
Does it work with private npm packages?
Yes. Bytesafe Dependency Firewall can proxy multiple upstreams. Configure it to serve your private registry for scoped packages and npm for public ones. Private packages always resolve first, which also prevents dependency confusion attacks.
Will it break my existing package-lock.json or yarn.lock?
No. Bytesafe Dependency Firewall is a transparent proxy. It serves the same package metadata and tarballs as npm. Your lock files remain valid and installs continue to be reproducible.
Does the zero-day safety delay apply to all npm packages?
You configure which rules apply. You can delay all new versions, or only versions from packages that have never been seen in your organization before. Rules can target specific package name patterns or version ranges.
Can different projects have different policies?
Yes. You can create separate firewalls per project. They are lightweight and easy to clone. You can also differentiate by the user or token used for the session. Firewall configurations are small JSON files that can be managed in Git.
Can packages be delayed before they reach developers?
Yes. Dependency Firewall can hold newly published package versions for a configurable window (7 or 14 days) before they reach developers or pipelines. Centralizing delay rules means the protection applies automatically across all teams and pipelines without each project configuring it separately.
What happens if a package passes through but malware is found later?
The firewall tracks all packages via observations: first-seen date, last-seen date, and which firewalls they passed through. When new malware data surfaces, you can see exactly which projects downloaded the affected package and when.
Can firewall rules be automated?
Yes. All configuration is available via API. Configurations can be version-controlled in Git and deployed through your existing automation. All changes are tracked with full rollback support.
Does Dependency Firewall work with enterprise repository platforms?
Yes. Dependency Firewall speaks the same protocols as your package managers, so it is fully transparent to enterprise repository platforms and package registries, including JFrog Artifactory, Sonatype Nexus, GitLab, GitHub Packages and Azure Artifacts.
How is licensing structured?
Two plans: Cloud for SaaS and Enterprise for custom deployment, Managed Cloud or On-Premise. Both include unlimited users, package requests and bandwidth with no usage-based fees. See pricing for plan details and add-ons.

Watch it block npm threats

Book a 30-minute session and we'll show you how Dependency Firewall fits into your existing setup. Your registries stay unchanged.

Book a Demo