@corsaroblue/npm-guard
v2.1.0
Published
Scan npm packages for malicious lifecycle scripts before installing them
Maintainers
corsaroblueReadme
npm-guard
Zero-friction supply chain security for npm. Protects humans and AI agents from malicious lifecycle scripts and dependency injection attacks.
When you run npm install, packages can execute hidden commands through lifecycle scripts (preinstall, postinstall). These scripts can steal tokens, delete files, install backdoors, or open reverse shells - silently, automatically. Worse, a legitimate package can be compromised to inject a malicious dependency that carries the payload (as happened with the axios supply-chain attack of March 2026).
npm-guard catches them before they run.
Two Modes, One Engine
For Humans: Transparent Wrapper
npm-guard setup # One-time: wraps your npm command
npm install express # npm-guard deep-scans automatically, then installsFor AI Agents: Explicit Check
npm-guard check express --deep --json # Machine-readable deep scan
# AI agent parses JSON, decides whether to proceedSee AI_INSTRUCTIONS.md for the full AI integration protocol.
Install
npm install -g npm-guardQuick Start
Interactive Mode (beginners)
npm-guardGuided menu with explanations in plain language.
Check Mode (experts, CI, AI agents)
npm-guard check express # Shallow check (lifecycle scripts only)
npm-guard check lodash axios react # Check multiple packages
npm-guard check express --json # JSON for machines
npm-guard check express --html # HTML reportDeep Scan Mode (supply-chain protection)
npm-guard check axios --deep # Full dependency tree analysis
npm-guard check axios --deep --json # Deep scan with JSON output
npm-guard check axios --deep --html # Deep scan HTML reportThe --deep flag enables:
- Recursive scanning of all transitive dependencies
- Detection of newly-injected dependencies vs. the previous version
- Package age verification (flags packages published < 7 days ago)
- Typosquatting name detection (e.g.
plain-crypto-jsmimickingcrypto-js)
Scan Mode (entire project)
npm-guard scan # Current project
npm-guard scan /path/to/project # Specific path
npm-guard scan --json --fail-on high # CI/CD pipelineWrapper Mode (transparent protection)
npm-guard setup # Inject wrapper into .zshrc/.bashrc
npm-guard status # Check if wrapper is active
npm-guard uninstall # Remove wrapperAfter setup, every npm install <package> is automatically deep-scanned. If threats are found, the installation is blocked.
What It Detects
7 Rule Groups (all pluggable)
| Rule Group | What it catches | Examples |
|------------|----------------|----------|
| shell-commands | File/system manipulation | rm -rf, sudo, chmod, touch |
| network-access | Unauthorized network calls | curl, wget, netcat, pipe to sh |
| file-system | Access to sensitive paths | .npmrc, .ssh, .env, .aws, /etc/passwd |
| code-execution | Dynamic/obfuscated execution | eval, base64, node -e, PowerShell |
| sensitive-files | Credential theft + exfiltration | .pem, .key, id_rsa + cat \| curl combo |
| obfuscation | Supply-chain attack patterns | /dev/tcp, hex strings, Buffer.from(base64), crontab, launchctl, silent execution |
| dependency-risk | Dependency injection attacks | New deps vs. previous version, young packages, typosquatting names |
Advanced Detection (obfuscation rule)
The obfuscation rule goes beyond simple pattern matching with combinatorial analysis:
- Download + Execute:
curl ... | bashdetected as supply-chain attack - Silent execution:
> /dev/null 2>&1flagged when hiding output - Reverse shells:
/dev/tcpconnections detected - Payload dropping: write hidden file +
chmod +x+ execute - Heavy obfuscation: counts hex escape sequences, flags if > 10
- Persistence:
crontab,systemctl,launchctlfor backdoor installation
Supply-Chain Attack Detection (dependency-risk rule, --deep)
The dependency-risk rule, activated by the --deep flag, detects the exact attack pattern used in the axios compromise:
| Detection | Severity | What it catches |
|-----------|----------|-----------------|
| New dependency | HIGH | A dependency was added that didn't exist in the previous version |
| Young package | HIGH/CRITICAL | A dependency was published less than 7 days ago (CRITICAL if < 24h) |
| Injected + young | CRITICAL | New dependency AND recently published (strongest signal of compromise) |
| Suspicious name | HIGH | Name mimics a well-known library with prefix/suffix (e.g. plain-crypto-js) |
Example: if [email protected] adds plain-crypto-js (published 20 hours ago, name mimics crypto-js), npm-guard would flag it with 4+ findings at CRITICAL level and block the installation.
AI Agent Integration
npm-guard is designed to be used as a security tool by AI coding agents.
Protocol
# 1. Deep-check package before install
npm-guard check <package> --deep --json
# 2. Parse response
# summary.maxRiskLevel: "SICURO" | "BASSO" | "MEDIO" | "ALTO" | "CRITICO"
# results[].depRiskFindings: supply-chain specific alerts
# results[].suspiciousDependencies: transitive deps with dangerous scripts
# 3. Decision
# SICURO/BASSO -> install
# MEDIO -> install + inform user
# ALTO/CRITICO -> DO NOT install, warn userClaude Code
Add to your project's CLAUDE.md:
Before running `npm install` for new packages, always run:
`npm-guard check <package> --deep --json`
If maxRiskLevel is ALTO or CRITICO, do not install.
Check depRiskFindings for supply-chain indicators.Full protocol: AI_INSTRUCTIONS.md
Configuration
Create .npmguardrc.json:
{
"rules": {
"shell-commands": true,
"network-access": true,
"file-system": true,
"code-execution": true,
"sensitive-files": true,
"obfuscation": true,
"dependency-risk": true
},
"ignore": ["trusted-package"],
"failOn": "high",
"format": "text"
}See npmguard.config.example.js for all options.
Plugins
Extend with custom rules, formatters, and safe patterns:
const { BaseRule } = require("npm-guard");
class MyRule extends BaseRule {
get name() { return "my-rule"; }
get description() { return "Custom check"; }
get patterns() {
return [{
pattern: /suspicious/,
id: "suspicious",
severity: "high",
title: "Suspicious pattern",
description: "Why this is dangerous"
}];
}
}
module.exports = {
name: "my-plugin",
register(api) { api.addRule(new MyRule()); }
};See Plugin Guide.
Use as Library
const { NpmGuardEngine } = require("npm-guard");
// Shallow scan
const engine = new NpmGuardEngine({ format: "json" });
const result = engine.scanPackage("express");
const output = JSON.parse(engine.formatResults([result]));
if (output.summary.maxRiskLevel === "CRITICO") {
console.error("Blocked!");
}
// Deep scan (recommended)
const deep = engine.scanPackageDeep("axios");
const deepOutput = JSON.parse(engine.formatDeepResults([deep], { format: "json" }));
if (deepOutput.summary.maxRiskLevel === "CRITICO") {
console.error("Supply-chain threat detected!");
console.error("Alerts:", deep.depRiskFindings);
}See API Reference.
Project Structure
npm-guard/
├── bin/cli.js # CLI with subcommands
├── src/
│ ├── index.js # Public API
│ ├── core/
│ │ ├── engine.js # Orchestrator (shallow + deep scan)
│ │ ├── config.js # Configuration
│ │ ├── registry.js # npm registry + dependency tree resolver
│ │ └── wrapper.js # Shell wrapper (setup/uninstall)
│ ├── rules/ # 7 rule groups (extensible)
│ │ ├── shell-commands.js
│ │ ├── network-access.js
│ │ ├── file-system.js
│ │ ├── code-execution.js
│ │ ├── sensitive-files.js
│ │ ├── obfuscation.js
│ │ └── dependency-risk.js
│ ├── formatters/ # text, json, html (extensible)
│ ├── plugins/ # Plugin loader
│ └── ui/ # Interactive mode
├── AI_INSTRUCTIONS.md # Protocol for AI agents
├── plugins/example-plugin/ # Example plugin
├── test/ # 95 tests
└── docs/ # Architecture, API, PluginsContributing
See CONTRIBUTING.md.
License
MIT