
Package Firewall

Your first line of defense against malicious packages. Protect every pip install, npm install, and go get with intelligent filtering and real-time threat detection.

🛡 Real-time Protection: Block threats before install
📝 Allow/Deny Lists: Fine-grained control
🔍 Typosquat Detection: Catch impostor packages
Soak Time: Delay new package versions
🚫 Block Unmaintained: Avoid abandoned packages
📜 Custom Policies: OPA Rego policy engine

How It Works

Three simple steps to secure your package installations

1. Create a Firewall

Set up a firewall for each project or team. Configure your security policies, allow lists, and blocking rules.

2. Generate Credentials

Get unique credentials for your CI/CD pipeline or development environment. Works with pip, npm, and go.

3. Install Securely

Every package installation is scanned, verified, and logged. Threats are blocked before they reach your system.

Security Features

Allow Lists

Define exactly which packages your team can install. Lock down production environments to approved dependencies only. Supports version constraints for precise control.

  • Whitelist specific packages and versions
  • Block everything else by default
  • Import from requirements.txt or package.json

Deny Lists

Block known malicious packages, deprecated libraries, or packages that don't meet your security standards. Automatically updated with threat intelligence.

  • Block known malware packages
  • Blacklist deprecated dependencies
  • Custom deny rules with wildcards

Malware Detection

Real-time scanning of package contents for malicious code patterns. Our detection engine identifies cryptominers, data exfiltration, and supply chain attacks.

  • Static analysis of package code
  • Pattern matching for known threats
  • Behavioral analysis indicators

Typosquatting Protection

Detect and block packages that impersonate popular libraries with subtle name variations. Protect developers from accidentally installing malicious lookalikes.

  • Fuzzy name matching algorithms
  • Levenshtein distance analysis
  • Homoglyph and unicode detection
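As an added illustration of the three techniques listed above (not the product's own detection code), here is a small Python checker that applies PEP 503 name normalization, folds lookalike characters, and measures Levenshtein distance against a constructed list of popular PyPI names; the popular list and the homoglyph map are sample data, not the real tables.

```python
import re
import unicodedata

# Constructed sample of popular PyPI project names; a real firewall would
# compare against a maintained top-N download list.
POPULAR = {"requests", "numpy", "urllib3", "python-dateutil", "pyyaml"}

# Small illustrative map of characters that look like ASCII letters
# (Cyrillic lookalikes plus digit/letter confusables); not exhaustive.
HOMOGLYPHS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "1": "l", "0": "o",
}


def pep503(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of [-_.] collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name.lower())


def fold_homoglyphs(name: str) -> str:
    """NFKC-normalize, then replace lookalike characters with ASCII twins."""
    nfkc = unicodedata.normalize("NFKC", name)
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in nfkc)


def levenshtein(a: str, b: str) -> int:
    """Edit distance where insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(name: str, popular=POPULAR):
    """Return (verdict, reason); verdict is 'allow' or 'block'."""
    norm = pep503(name)
    if norm in popular:
        return "allow", f"exact match for '{norm}'"
    folded = pep503(fold_homoglyphs(name))
    if folded in popular:
        return "block", f"homoglyph impersonation of '{folded}'"
    # Short names get a tighter threshold: a single edit on a short name
    # is often a distinct legitimate project rather than an impostor.
    limit = 1 if len(folded) <= 5 else 2
    target, dist = min(((p, levenshtein(folded, p)) for p in popular),
                       key=lambda t: t[1])
    if dist <= limit:
        return "block", f"likely typosquat of '{target}' (edit distance {dist})"
    return "allow", "no close match to a popular package"
```

A production checker would also weigh download counts and package age, since a near-match that is itself popular is usually a legitimate fork rather than an impostor.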

Soak Time

Delay installation of newly released package versions. Give the community time to discover issues before they hit your production environment.

  • Configurable delay (1-30 days)
  • Exception lists for urgent updates
  • Per-package soak time rules

Block Unmaintained Packages

Automatically block packages that haven't been updated in years. Abandoned packages pose security risks as vulnerabilities go unpatched and dependencies become outdated.

  • Configurable inactivity threshold
  • Exception lists for stable packages
  • Alerts when dependencies become unmaintained

Activity Logging

Complete audit trail of every package installation attempt. Know who installed what, when, and whether it was allowed or blocked.

  • Real-time activity dashboard
  • Export logs for compliance
  • Integration with SIEM tools

Custom Policies (OPA Rego)

Write custom security policies using the Open Policy Agent Rego language. Policies deny by default; you define allow rules that evaluate package metadata, scores, dependencies, and community signals and explicitly permit packages that meet your organization's requirements.

  • Block by license, score, or dependency count
  • Evaluate security, quality, and maintenance scores
  • Full access to package metadata and community data
  • Built-in editor with syntax highlighting

Supported Package Ecosystems

Protect all your dependencies across multiple languages

Python / PyPI

Secure pip installations with full support for requirements.txt, Poetry, and Pipenv.

pip install --index-url https://firewall.hextrap.com/...

JavaScript / npm

Protect npm and yarn installations. Works seamlessly with package.json and lock files.

npm config set registry https://firewall.hextrap.com/...

Go Modules

Secure your Go dependencies with GOPROXY support. Full compatibility with go.mod.

GOPROXY=https://firewall.hextrap.com/... go get

Ready to Secure Your Supply Chain?

Start protecting your package installations in minutes. Free for open source projects.