Package security

Developer package security for npm, PyPI, WordPress, Composer, and Maven

Your build pulls hundreds of third-party packages, and any one of them runs code on your machine and in CI. This hub explains how npm, PyPI, WordPress, Composer, and Maven packages get weaponized and how Extuno inspects them before they reach your dependency tree.

In shortPackage security means checking every npm, PyPI, WordPress, Composer, and Maven dependency for typosquatting, install-script execution, dependency confusion, account takeover, and leaked secrets. Extuno scans each package with static rules, a sandbox, AI review, and version-diffing, then returns a SARIF gate result for CI.

Why is package security different from application security?

Application security assumes you wrote the code. Package security assumes you did not. A single npm install or pip install can fetch hundreds of transitive dependencies, and several of them execute code at install time before any of your tests run. The attacker does not need to breach your servers; they only need one of your dependencies to ship a malicious version.

That is why the attack surface lives in the npm and PyPIComposerMaven ecosystems rather than in your own repository. Extuno treats each package as untrusted input and inspects it the same way it inspects a browser extension: read the code statically, run it in isolation, and compare versions to catch a poisoned update.

What is typosquatting and dependency confusion?

Typosquatting registers a package whose name is one keystroke off a popular one, so a fat-fingered install pulls the attacker's code. Dependency confusion publishes a public package using the name of one of your private internal packages, betting that a misconfigured resolver prefers the higher public version number.

Both attacks land before a human ever reads the source, which is why naming signals matter. Extuno flags package names that are edit-distance near a known popular package and surfaces version and registry mismatches as part of every scan. These naming attacks are a recurring entry point in the broader pattern documented under supply-chain attacks, and confirmed malicious names are tracked in the Malicious DB.

How does install-script RCE work?

npm lifecycle hooks (preinstall, install, postinstall) PyPI, WordPress, Composer, and Maven setup.py both run arbitrary code on the installing machine. That machine is often a developer laptop or a CI runner holding cloud credentials, so install-time execution is remote code execution with a credential reward attached.

Extuno reads these hooks statically and also runs the package in a network-segmented sandbox to capture what the install actually does: which endpoints it contacts, what data it sends, and which system APIs it calls. The dynamic layer records real behavior instead of guessing from the source, so a postinstall script that downloads a second-stage payload is caught at the network boundary. See npm package security and PyPI package security for ecosystem-specific hook handling.

What happens when a maintainer account is taken over?

The most dangerous compromise is not a new malicious package; it is a trusted package that turns malicious through its update channel. An attacker who phishes or hijacks a maintainer account ships version 3.3.7 of a package you already use and trust, and your next install pulls it automatically.

This is the headline failure mode of package security, and the event-stream incident is the canonical example: a popular package handed to a new maintainer who added a payload targeting a specific wallet. Extuno's version-diffing compares each new release against the prior one and raises an alert when behavior escalates, for example a benign package that suddenly adds a network endpoint or an install hook. That is the difference between auditing once and watching the update channel.

How do packages leak secrets?

Packages leak credentials in two directions. They ship secrets that the publisher forgot to remove (a token in a .npmrc, an API key baked into a build artifact), and they exfiltrate secrets they find on the installing machine. Both are findable.

Extuno runs over 1000 secret detectors across package source and build output, each pattern anchored to a provider format so a real key is reported and a random string is not. Static detection covers files in the package; the sandbox additionally captures credentials that only appear in runtime traffic. Read more under secret leak detection, and wire the same checks into your pipeline with CI/CD secret scanning.

How does Extuno scan a package?

Every package goes through three layers. Static analysis reads the code without running it, applying 1100+ rules and the secret detectors to source, manifests, and install hooks. Dynamic analysis executes the package in an isolated microVM and records endpoints, data sent, API calls, and screenshots. AI code analysis reads the full source, correlates behavior across versions, and explains each finding in plain terms; it stays advisory.

On top of those layers, version-diffing flags a poisoned update channel, and every finding carries its evidence: file, line, why it is dangerous, and the recommended action. For pipelines, Extuno emits SARIF plus JSON and a pass or fail gate, so a malicious dependency blocks the merge instead of reaching production. Start with npm or PyPI.

Block a malicious dependency in CI with the gate result
extuno scan --eco npm ./package.tgz --sarif out.sarif --gate
# exit code is non-zero when the gate fails on a malicious or high finding

Frequently asked questions

Which package ecosystems does Extuno support?

For developer packages, Extuno scans npm, PyPI, WordPress, Composer, and Maven. It also scans browser and editor extensions across Chrome, Firefox, VS Code, JetBrains, Eclipse, and Discord client mods, for eight supported ecosystems in total.

Does Extuno run install scripts to find install-time attacks?

Yes. The dynamic layer executes the package in a network-segmented microVM and captures what the install actually does, including endpoints contacted, data sent, and system API calls, so install-script RCE is observed rather than inferred.

How does Extuno catch a package poisoned through an update?

Version-diffing compares each new release against the prior one and raises an alert when behavior escalates, such as a new network endpoint or a newly added install hook. This catches maintainer-account takeover where a trusted package turns malicious.

Can I block a malicious dependency in CI?

Yes. Extuno emits SARIF and JSON plus a pass or fail gate. Configure the gate to fail the build on a malicious or high-severity finding so the dependency never reaches production.

How does Extuno avoid false positives on secret detection?

Each of the 1000+ secret detectors is anchored to a provider-specific token format. A string is reported only when it matches a real credential shape, and the dynamic layer adds secrets that appear only in runtime traffic.

Related