























Product
Your first line of defense against malicious packages. Protect every pip install,
npm install, and go get with intelligent filtering and real-time threat detection.
🛡
Real-time Protection Block threats before install
📝
Allow/Deny Lists Fine-grained control
🔍
Typosquat Detection Catch impostor packages
⏱
Soak Time Delay new package versions
🚫
Block Unmaintained Avoid abandoned packages
📜
Custom Policies OPA Rego policy engine
Three simple steps to secure your package installations
1
Set up a firewall for each project or team. Configure your security policies, allow lists, and blocking rules.
2
Get unique credentials for your CI/CD pipeline or development environment. Works with pip, npm, and go.
3
Every package installation is scanned, verified, and logged. Threats are blocked before they reach your system.
Define exactly which packages your team can install. Lock down production environments to approved dependencies only. Supports version constraints for precise control.
Block known malicious packages, deprecated libraries, or packages that don't meet your security standards. Automatically updated with threat intelligence.
Real-time scanning of package contents for malicious code patterns. Our detection engine identifies cryptominers, data exfiltration, and supply chain attacks.
Detect and block packages that impersonate popular libraries with subtle name variations. Protect developers from accidentally installing malicious lookalikes.
Delay installation of newly released package versions. Give the community time to discover issues before they hit your production environment.
Automatically block packages that haven't been updated in years. Abandoned packages pose security risks as vulnerabilities go unpatched and dependencies become outdated.
Complete audit trail of every package installation attempt. Know who installed what, when, and whether it was allowed or blocked.
Write custom security policies using the Open Policy Agent Rego language. Policies deny by default and you define allow rules that evaluate package metadata, scores, dependencies, and community signals to explicitly permit packages that meet your organization's requirements.
Protect all your dependencies across multiple languages
Secure pip installations with full support for requirements.txt, Poetry, and Pipenv.
pip install --index-url https://firewall.hextrap.com/...
Protect npm and yarn installations. Works seamlessly with package.json and lock files.
npm config set registry https://firewall.hextrap.com/...
Secure your Go dependencies with GOPROXY support. Full compatibility with go.mod.
GOPROXY=https://firewall.hextrap.com/... go get
Start protecting your package installations in minutes. Free for open source projects.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。