{"slug":"I-added-sfw-to-my-package-manager-commands-after-the-recent-npm-supply-chain-mess","title":"I added `sfw` to my package manager commands after the recent npm supply chain mess","date":"2026-05-24","description":"A small setup I added after recent npm supply chain attacks made me realize how casually we execute untrusted install-time code on our machines.","content":"\nA few days ago I saw a [tweet](https://x.com/sebastienlorber/status/2057733567484953019?utm_source=twlite.dev) from [Sébastien Lorber](https://x.com/sebastienlorber?utm_source=twlite.dev) talking about [Socket Firewall](https://socket.dev/blog/introducing-socket-firewall?utm_source=twlite.dev) and honestly it made me rethink how casually I run package manager commands on my machine.\n\n<Tweet id=\"2057733567484953019\" />\n\nMost of us type stuff like this without thinking:\n\n```bash\nnpm install\npnpm install\nnpx something\nbun install\n```\n\nBut the reality is that these commands are executing code from the internet directly on your machine.\n\nNot later. Not after review. Immediately.\n\nAnd recently, attackers have been abusing that pretty aggressively.\n\nThe latest wave, called [\"Mini Shai-Hulud\"](https://www.techradar.com/pro/security/mini-shai-halud-hackers-publish-over-600-compromised-npm-packages-developers-warned-to-be-on-their-guard?utm_source=twlite.dev), compromised hundreds of npm packages, including packages connected to ecosystems like TanStack, Mistral, OpenSearch, UiPath, and others. 
Some of these packages are downloaded millions of times.\n\nThis wasn't just random crypto-miner garbage either.\n\nThe malware was specifically targeting developer environments:\n\n- GitHub tokens\n- SSH keys\n- cloud credentials\n- CI/CD secrets\n- npm auth tokens\n\nBasically the exact stuff that can turn one compromised laptop into a much larger breach, [as reported by TechRadar](https://www.techradar.com/pro/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack-but-says-no-user-data-was-affected?utm_source=twlite.dev).\n\nSome attacks reportedly spread through postinstall hooks and poisoned package updates. Others abused trusted publishing workflows and maintainer credentials, [per upwind.io](https://www.upwind.io/feed/mini-shai-hulud-targets-sap-npm-packages-ci-cd-publishing-pipeline-abused-in-supply-chain-attack?utm_source=twlite.dev).\n\nThe scary part is that many of these packages were legitimate trusted packages before being compromised. Not fake typo packages. Not obvious malware. 
Actual real dependencies people already used in production.\n\nTanStack itself published a [postmortem](https://tanstack.com/blog/npm-supply-chain-compromise-postmortem?utm_source=twlite.dev) after one of the compromises.\n\nSo I ended up doing something very small but honestly pretty reasonable:\n\nI wrapped my package manager commands through `sfw`.\n\nInstead of:\n\n```bash\nnpm install\n```\n\nI now effectively run:\n\n```bash\nsfw npm install\n```\n\nSame for:\n\n- npx\n- pnpm\n- pnpx\n- yarn\n- bun\n- bunx\n\nOn macOS/Linux I added this to my shell config:\n\n```bash title=\"Shell config (.bashrc/.zshrc)\"\nwrap_sfw() {\n  if command -v sfw >/dev/null 2>&1; then\n    sfw \"$1\" \"${@:2}\"\n  else\n    # `command` skips the shell functions defined below, so the fallback cannot call itself\n    command \"$@\"\n  fi\n}\n\nnpm()  { wrap_sfw npm  \"$@\"; }\nnpx()  { wrap_sfw npx  \"$@\"; }\npnpm() { wrap_sfw pnpm \"$@\"; }\npnpx() { wrap_sfw pnpx \"$@\"; }\nyarn() { wrap_sfw yarn \"$@\"; }\nbun()  { wrap_sfw bun  \"$@\"; }\nbunx() { wrap_sfw bunx \"$@\"; }\n```\n\nAnd on PowerShell:\n\n```powershell title=\"PowerShell profile ($PROFILE)\"\n$SfwCommands = @(\"npm\", \"npx\", \"pnpm\", \"pnpx\", \"yarn\", \"bun\", \"bunx\")\n\nfunction Invoke-SfwOrNative {\n    param(\n        [string] $CommandName,\n        [object[]] $CommandArgs\n    )\n\n    $sfw = Get-Command sfw -ErrorAction SilentlyContinue\n\n    if ($sfw) {\n        & sfw $CommandName @CommandArgs\n        return\n    }\n\n    $native = Get-Command $CommandName -CommandType Application, ExternalScript -ErrorAction SilentlyContinue |\n        Select-Object -First 1\n\n    & $native.Source @CommandArgs\n}\n\nforeach ($cmd in $SfwCommands) {\n    Set-Item \"function:$cmd\" {\n        Invoke-SfwOrNative $MyInvocation.MyCommand.Name $args\n    }\n}\n```\n\nThe nice thing about doing it this way is:\n\n- if `sfw` exists, commands go through it\n- if not, everything still works normally\n\nNo muscle memory changes.\n\nI don't think this magically solves supply chain attacks. 
If a package is compromised badly enough and you explicitly allow it, you're still cooked.\n\nBut I do think the industry has been way too trusting about install-time code execution for years. We normalized running arbitrary scripts from random transitive dependencies because it was convenient. Now we're seeing the consequences of that at scale.\n\nAnd honestly, I think this is only the beginning. Especially with AI-generated code becoming more common, people are installing dependencies faster and thinking about them less, [according to an arXiv paper](https://arxiv.org/abs/2605.17062?utm_source=twlite.dev).\n\nA few years ago, reviewing dependencies was already rare. Now half the internet is copy-pasting\n\n```bash\nnpm install <package-name>\n```\n\ndirectly from AI chats, blogs, tweets, or generated README files.\n\nThat combination is dangerous. I'm not trying to be paranoid about open source here. I love open source. Most of my work depends on it. But I think developers should start treating package installation with the same caution they treat running random shell scripts from the internet. Because realistically, they are almost the same thing.\n","readingTime":"4","tags":["npm","supply-chain-security","cybersecurity","package-managers","socket-firewall","socket.dev","javascript","nodejs"]}