Block risky packages before they enter your tree.

Where it lives

Package-manager registry-proxy mode. Your developers and CI runners point at the firewall as their npm / PyPI / Maven / NuGet / RubyGems / Cargo / Go module proxy. The firewall evaluates every install request and either forwards the upstream payload (allow), returns a structured 403 (block), or returns an allow with a signed warning (warn).

What it evaluates

For every {ecosystem, name, version} request:

• CISA KEV status
• EPSS exploitation probability
• ExploitDB entry presence
• JS/TS reachability against your call graph
• Attack-path score
• License obligations against your blocklist
• Trust-delta vs. the last approved version

Three rollout modes

Trust-delta gating

Absolute thresholds miss the threats that matter most: maintainer takeovers, credential leaks, dependency confusion. Trust-delta gating compares the trust score of the requested version against the last approved one. A drop of more than your configured delta triggers a block — even without a CVE.

firewall:
  mode: enforce
  trust_delta:
    threshold: 0.30          # block if score drops > 0.30
    cooldown_hours: 24       # block fresh versions for 24h
  signals:
    kev: { block_on_match: true }
    epss: { block_at_or_above: 0.90 }
    license:
      blocklist: ["AGPL-3.0", "SSPL-1.0"]

Signed bypass

Bypass is supported — emergencies happen. But every bypass requires either a signed waiver (cryptographically signed by a designated approver), an expiring one-shot token, or a human-approver workflow. Bypass attempts themselves are audited and signed. See Signed bypass.