package-firewall
Safeguard articles tagged "package-firewall" — guides, analysis, and best practices for software supply chain and application security.
9 articles
The eslint-config-prettier npm compromise: when phishing beats your SCA scanner
A phishing email spoofing npm support hijacked a maintainer's account and poisoned eslint-config-prettier, a package with roughly 30 million weekly downloads.
The Nx Attack Turned AI Coding Agents Into the Malware
In August 2025, attackers hijacked Nx's npm publish token and used Claude Code, Gemini CLI, and Amazon Q as the exfiltration engine — leaking 2,349 secrets.
Protestware: what colors.js and faker.js taught the industry about maintainer risk
One unpaid maintainer sabotaged two packages with 20M+ weekly downloads in a single week. Here's what colors.js and faker.js reveal about single-maintainer risk.
Anatomy of a malicious npm package attack
One phished maintainer, 18 packages, and billions of weekly downloads — how npm/PyPI supply chain attacks actually unfold, and the signals that expose them.
Detecting malicious postinstall scripts in npm packages
A 2025 phishing attack compromised 18 npm packages with 2.6 billion weekly downloads. Here's how postinstall scripts became npm's top attack vector.
Bun-compiled JS binaries as PyPI credential stealers
Two lightning releases fetched the Bun runtime at import time to run an 11MB obfuscated JS stealer — PyPI's Python trust model didn't expect a JS binary.
Safeguard Expands Into a Unified, AI-Native Defensive Security Platform
Safeguard is growing from a posture and findings platform into a first-party detection and prevention platform — first-party AppSec, defensive red-teaming, AI security, data security, runtime/CNAPP, and a supply-chain package firewall — all feeding one prioritized findings model.
Introducing the Package Firewall and AI Model-Artifact Scanning
Two supply-chain defenses are rolling out on Safeguard: an install-time Package Firewall that blocks malicious npm and pip packages before they resolve, and AI model-artifact scanning that inspects model weights — now including ONNX — for malware before they load.
Package Firewall: Blocking Malicious Dependencies at Inst...
Malicious npm and PyPI packages are published daily. See why a package firewall that blocks at install time stops attacks that post-hoc scanners catch too late.