You install normally
Run npm install, pip install, or cargo add exactly as you do today. Veln routes your package manager traffic through a local proxy that runs silently in the background. Nothing changes about your workflow.
Supply-chain security
Block bad packages. Before they download.
Over 20 trust signals score every install — known CVEs, maintainer changes, install scripts, hidden payloads. Bad packages are blocked before any byte reaches your disk.
Same commands. Same lockfiles. Zero workflow change.
The problem
The install command you run every day is a trust decision you're not making.
When event-stream was compromised in 2018, the attacker didn't hack npm. They asked the maintainer for access. Within days, a malicious version with a Bitcoin-stealing payload was installed by thousands of developers. The package looked legitimate. The maintainer's account was legitimate. The install command was identical.
PyPI is among the most-targeted package registries for supply chain attacks. Each year hundreds of malicious packages are identified on PyPI — most mimicking popular libraries like requests, boto3, and numpy. Many remain live for days before detection.
Most major npm and PyPI attacks in recent years have exploited the same gap: the hours between when a malicious package is published and when any threat feed knows about it. During that window, your npm install and pip install commands trust the registry completely. Nothing checks what you're actually downloading.
One malicious publish: threat feeds are still blind while installs happen.
- Malicious version published
- First installs (auto-updaters)
- Package yanked by maintainer
- Threat feed alert published
Veln doesn't wait for that feed. On the first install attempt, the cooling gate can hold the version — before a feed would ever flag it.
Veln closes the window. Not by checking threat feeds faster — by not trusting any package that hasn't earned it.
Workflow
How it works
Veln scores it
Over 20 trust signals run before the package downloads — CVEs, maintainer changes, install scripts, hidden payloads. Cached packages clear in under 50 ms; new ones are fetched and scored end-to-end.
Bad ones never land
A failing score refuses the install — the package never touches your disk. When Veln blocks, it names the exact signal that fired (file, line, reason). No vague “suspicious activity detected.”
Coverage
Real-time blocking. Eight ecosystems.
The Veln gate proxies every package fetch and blocks known-malicious artifacts before the bytes reach disk. npm and PyPI get the full tarball-scoring pipeline — integrity check, OSV severity, license policy, publish attestation, dependency-confusion. Go, Cargo, RubyGems, NuGet, and Maven/Gradle get URL-pattern + threat-feed + OSV blocking — same install-time 403, lighter scoring path. For pre-commit and local lockfile gating, veln verify runs the full pipeline (cooling, dormant-revival, archive-deep scan, license policy) across all eight ecosystems — including Composer, which is gated at the lockfile rather than the wire (its artifacts download from third-party hosts the gate can't proxy).
npm & Node.js
- Interception
NPM_CONFIG_REGISTRY- Package managers
- npm · yarn · pnpm · bun
- Lockfiles
package-lock.json·yarn.lock·pnpm-lock.yaml- Install hooks
- postinstall, preinstall, gyp builds
Frozen install: npm ci
Python & pip
- Interception
PIP_INDEX_URL+UV_INDEX_URL- Package managers
- pip · pip3 · uv · pipx
- Lockfiles
requirements.txt·uv.lock·poetry.lock- Install hooks
setup.pycmdclass,pyproject.tomlhooks
Frozen install: pip install -r requirements.txt
Plus six more — same trust pipeline
- Go
- Rust · Cargo
- Ruby · Bundler
- .NET · NuGet
- JVM · Maven / Gradle
- PHP · Composerlockfile verify
Capabilities
One agent. The whole supply-chain surface.
Detect what's malicious, contain what you can't reject outright, and wire it into your policy and review flow — across every package manager, on every developer machine.
Detect
20+ trust signals, scored before a single byte downloads.
- Known CVEsOSV database, with a local mirror for offline scans
- Provenancenpm publish-attestation checks
- Malicious install scriptsDownload-and-execute, time-bombs, unicode tricks
- Maintainer & release driftNew maintainers, dormant revivals, license flips
- Typosquats & dep-confusionLook-alikes and attacks on your internal scopes
- Obfuscated codeRuntime-decoded (eval / atob) and packed payloads
- Hidden binariesNative executables that phone home
- Permission creepCapabilities a version gained that earlier ones lacked
- Data exfiltrationTelemetry, shipped secrets, geo-targeted payloads
- Cooling windowsRefuse releases younger than your age threshold
- Your threat feedBlock against a denylist you maintain
Contain
Three independent layers — if one misses, the next catches it.
- Pre-download gateRefuses anything below your trust threshold, before disk
- Integrity databaseSigned (Ed25519); catches byte, maintainer & file-tree drift
- OS sandboxInstall scripts boxed by Landlock, Seatbelt, Job Object
- Credential lockdownBlocks ~/.aws, ~/.ssh, ~/.npmrc & more during installs
Operate
Wire it into your policy and your review flow.
- SBOM exportCycloneDX and SPDX
- Policy-as-codeYour own allow / warn / block rules — enforced at the gate too
- Suppressions & VEXReview once; OpenVEX-compatible
- ReachabilityRelax findings your code never imports or calls
- Triage toolingexplain, fix and diff for fast remediation
- Scriptable outputMachine-readable JSON + meaningful exit codes
- Local consoleFull per-package finding history
Pricing
Simple pricing.
$9.99 per device · lifetime
One price, paid once per machine. Full supply-chain protection on every developer machine — real-time install blocking across npm, PyPI, Go, Cargo, RubyGems, NuGet, and Maven/Gradle; full-pipeline lockfile verify for all eight ecosystems.
No subscription, no renewals. Buy another device license whenever you add a machine.
Protect your next install.
Create an org, install the CLI, and run veln activate—every package install on your machine is verified.
$9.99 per device · one-time · lifetime