Malware Blocking

Block malicious packages at the registry before they reach developer machines or CI/CD pipelines. Covers known malware, hijacked packages, and account-takeover payloads.

Book a Demo

Malicious packages reach developers before detection

Attackers publish malicious versions and hijack maintainer accounts. Most security tools report the problem after the package is already installed.

  • Account takeovers inject malware into trusted packages

    A compromised maintainer account publishes a new version with a malicious payload. It looks legitimate until a feed flags it, often hours later.

  • Detection lags behind the publish event

    Security feeds take hours to days to flag newly published malicious packages. Developers installing in that window are exposed.

What your team gets

  • Known malware blocked before install

    Packages matching known malware signatures are stopped at the registry before they touch a developer machine or CI cache.

  • Safety delay closes the detection gap

    New versions are held for a configurable window, giving the ecosystem time to flag threats before developers can install them.

  • Audit trail of every blocked package

    Every block is logged with the package, version, user or pipeline, and the rule that triggered.

How Dependency Firewall handles this

Dependency Firewall checks every package request against malware feeds and your defined rules before serving it.

  • Known malware signature blocking
  • Safety delay on newly published versions
  • Audit log of every block and allow

Built for the teams involved

  • Security teams

    Define blocking rules once. Malware stops at the registry without manual intervention per incident.

  • Developers

    Package installs work as normal. Blocked packages fail with a clear reason.

  • DevOps engineers

    CI/CD pipelines route through the firewall without any pipeline changes.

What changes in practice

  • Malicious packages stopped before execution

    Blocked at install, not detected after the fact in a post-build scan.

  • Less exposure during detection windows

    Safety delays mean new malware does not reach developers while feeds are still catching up.

Questions about this use case

How does malware detection work?

Dependency Firewall checks each requested package against known malware signatures and blocks matches at the registry. Newly published versions are also held for the configured safety delay, so a version flagged by a feed during that window never reaches a developer machine or CI cache.

What if malware is found after a package already passed through?

Observations track every package that passed through each firewall. When new malware data surfaces, you can see which projects downloaded the affected package and when.
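The following is an added example, not Dependency Firewall's or Observer's own code, showing how the three controls listed under "How Dependency Firewall handles this" (known-malware signature blocking, a safety delay on newly published versions, and an audit log of every block and allow) fit together in a registry-proxy admission check, and how the audit log answers this FAQ's question: once a feed flags a version that already passed through, which requesters received it and when. All package names, versions, publish timestamps and requester identities are constructed for the example, the publish-time table stands in for metadata a real proxy would fetch from the upstream registry, and the choice to fail closed on a version with no publish metadata is this example's assumption.

```python
"""Added example: registry-proxy admission check (not Dependency Firewall's code)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample blocklist: (package, version) pairs a malware feed flagged.
KNOWN_MALWARE = {
    ("color-strings", "4.2.1"),
    ("ua-parser-helper", "0.9.7"),
}

# Constructed publish times, standing in for upstream registry metadata.
PUBLISH_TIMES = {
    ("color-strings", "4.2.0"): datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc),
    ("color-strings", "4.2.1"): datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc),
    ("ua-parser-helper", "0.9.7"): datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc),
    ("ua-parser-helper", "0.9.8"): datetime(2024, 5, 2, 7, 30, tzinfo=timezone.utc),
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    rule: str          # "known-malware", "safety-delay", "no-metadata" or "allow"
    detail: str = ""


@dataclass(frozen=True)
class AuditEntry:
    at: datetime
    package: str
    version: str
    requester: str     # developer identity or CI pipeline identity
    rule: str
    allowed: bool

    def as_log_line(self) -> str:
        """One JSON line per decision: package, version, requester, rule."""
        return json.dumps({"at": self.at.isoformat(), "package": self.package,
                           "version": self.version, "requester": self.requester,
                           "rule": self.rule, "allowed": self.allowed}, sort_keys=True)


def evaluate(package: str, version: str, now: datetime, *, safety_delay: timedelta,
             blocklist: set[tuple[str, str]],
             publish_times: dict[tuple[str, str], datetime]) -> Decision:
    """Blocklist first, then safety delay, then allow."""
    key = (package, version)
    if key in blocklist:
        return Decision(False, "known-malware", f"{package}@{version} matches malware feed")
    published = publish_times.get(key)
    if published is None:
        # Example's assumption: no publish metadata means fail closed.
        return Decision(False, "no-metadata", f"{package}@{version} unknown upstream")
    age = now - published
    if age < safety_delay:
        available = (published + safety_delay).isoformat()
        return Decision(False, "safety-delay", f"published {age} ago; available after {available}")
    return Decision(True, "allow")


class Firewall:
    def __init__(self, *, safety_delay: timedelta, blocklist: set[tuple[str, str]],
                 publish_times: dict[tuple[str, str], datetime]):
        self.safety_delay = safety_delay
        self.blocklist = blocklist
        self.publish_times = publish_times
        self.audit: list[AuditEntry] = []

    def request(self, package: str, version: str, requester: str, now: datetime) -> Decision:
        """Evaluate a package request and record the outcome, allow or block."""
        d = evaluate(package, version, now, safety_delay=self.safety_delay,
                     blocklist=self.blocklist, publish_times=self.publish_times)
        self.audit.append(AuditEntry(now, package, version, requester, d.rule, d.allowed))
        return d

    def blocked(self) -> list[AuditEntry]:
        return [e for e in self.audit if not e.allowed]

    def exposed_to(self, package: str, version: str) -> list[AuditEntry]:
        """Retroactive lookup: who was served this version before it was flagged?"""
        return [e for e in self.audit if e.allowed and (e.package, e.version) == (package, version)]


def demo() -> dict:
    fw = Firewall(safety_delay=timedelta(hours=24), blocklist=set(KNOWN_MALWARE),
                  publish_times=dict(PUBLISH_TIMES))
    t1 = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)   # 0.9.8 is 4.5 hours old here
    known = fw.request("color-strings", "4.2.1", "ci/build-42", t1)
    fresh = fw.request("ua-parser-helper", "0.9.8", "dev:alice", t1)
    aged = fw.request("color-strings", "4.2.0", "dev:alice", t1)
    t2 = t1 + timedelta(days=1)                              # delay elapsed, 0.9.8 now served
    served = fw.request("ua-parser-helper", "0.9.8", "ci/build-43", t2)
    # The feed flags 0.9.8 later: update the blocklist and look back at who received it.
    fw.blocklist.add(("ua-parser-helper", "0.9.8"))
    exposed = fw.exposed_to("ua-parser-helper", "0.9.8")
    after = fw.request("ua-parser-helper", "0.9.8", "dev:bob", t2 + timedelta(hours=1))
    return {"firewall": fw, "known": known, "fresh": fresh, "aged": aged,
            "served": served, "exposed": exposed, "after": after}


if __name__ == "__main__":
    for entry in demo()["firewall"].audit:
        print(entry.as_log_line())
```

The ordering matters: the blocklist is consulted before the age check so that a flagged version is refused with the precise reason even when it is also within the delay window, and the audit entry is written for allows as well as blocks, since the retroactive lookup depends on the allow records.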

Talk to us about malware blocking.

We can walk through how the product fits your environment and where each Observer product applies.
