
Gate

Gate is a local HTTP proxy in front of your package registry. When tooling requests packages, Veln scores each one on 20+ trust signals before the bytes reach disk — so packages are checked at the moment they are installed, not only by scanning on-disk lockfiles after the fact.

What gets scored

20+ signals across six categories:

  • Known vulnerabilities — OSV CVE matches per severity, npm publish-attestation verification.
  • Install scripts — postinstall risk in seven sub-categories (suspicious, critical, exfiltration, timebomb, unicode-trick, IOC match, ordinary lifecycle).
  • Version-to-version changes — dormant-revival, maintainer-count delta, maintainer fingerprint drift, license change, transitive-dep delta, file-tree drift, VCS provenance mismatch.
  • Suspicious source code — eval+decode shapes, child_process+decode payloads, env-gated risky execution, unicode tricks in JS/Python source.
  • Hidden binaries — ELF / Mach-O / PE imports flagged for networking calls when the package doesn’t declare a legitimate native build.
  • Authenticity — typosquat risk against the canonical name list, dependency-confusion against your protected internal scopes.

A score below the configured block threshold returns 403 — the install command sees a clean refusal, and the package never reaches disk.

Supported upstreams

The full tarball-scoring path is built around npm-style and PyPI registry traffic. The six v2 ecosystems (Go modules, Cargo, Composer, RubyGems, NuGet, Maven Central) run a lighter URL-pattern + threat-feed + OSV blocker — artifact-fetch URLs (the .crate, .gem, .nupkg, JAR, module zip, etc.) are checked at request time and blocked with a 403 before the bytes reach disk.

Enforcement flags

The -enforce flag accepts a comma-separated list of ecosystem tokens or all:

veln gate -upstream https://crates.io -enforce cargo
veln gate -upstream https://repo.packagist.org -enforce composer
veln gate -enforce all                    # everything: npm + pypi + 6 v2

Tokens: npm, pypi, cargo, composer, gem, nuget, maven, go. npm and pypi use the full tarball scorer (integrity, OSV, license policy, attestation, dependency-confusion); the six v2 ecosystems use the URL-pattern + threat-feed + OSV path. All six v2 enforcers share the same local threat-feed file, so operators only maintain one denylist (~/.veln/threat-denylist.txt).

Metadata filtering vs. artifact blocking (v2)

The v2 enforcers act at two points:

  • Metadata filtering — threat-feed-blocked versions are stripped out of the available-versions list the resolver sees (Cargo sparse-index, Composer /p2, RubyGems compact-index, Go @v/list, Maven metadata XML, and NuGet V3 registration index/pages — including gzip-encoded -gz-semver2 feeds). cargo update / composer update then automatically pick a clean version instead of erroring on a 403.
  • Artifact blocking — the backstop: any blocked .crate / .gem / .nupkg / JAR / module zip download returns 403 (threat-feed and OSV HIGH/CRITICAL). OSV runs here, not at metadata time, because a per-version severity lookup would be too slow to inline into every resolve.
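The two enforcement points above, modelled as a small Python toy (an added example, not Veln's own code). The denylist line format, the constant names and the function names are assumptions; the Cargo sparse-index layout and the crates.io and RubyGems download URL shapes are the real ones.

```python
import json
import re

# Constructed sample threat feed; the "<ecosystem> <name> <version>" line
# format is an assumption, not Veln's real denylist syntax.
DENYLIST_TEXT = """\
# constructed sample threat feed
cargo evil-crate 1.2.3
gem bad-gem 0.9.0
"""

# Constructed Cargo sparse-index body: one JSON object per published version.
CARGO_INDEX = """\
{"name":"evil-crate","vers":"1.2.2","yanked":false}
{"name":"evil-crate","vers":"1.2.3","yanked":false}
"""

# Real artifact URL shapes for crates.io downloads and RubyGems .gem files.
ARTIFACT_PATTERNS = {
    "cargo": re.compile(r"/api/v1/crates/(?P<name>[^/]+)/(?P<version>[^/]+)/download$"),
    "gem": re.compile(r"/gems/(?P<name>.+)-(?P<version>[^-]+)\.gem$"),
}

def parse_denylist(text):
    """Return the set of (ecosystem, name, version) entries, skipping comments."""
    blocked = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            blocked.add(tuple(line.split()))
    return blocked

def filter_cargo_index(index_text, blocked):
    """Metadata filtering: drop denylisted versions so the resolver never sees them."""
    kept = []
    for line in index_text.splitlines():
        if line.strip():
            entry = json.loads(line)
            if ("cargo", entry["name"], entry["vers"]) not in blocked:
                kept.append(line)
    return "\n".join(kept) + "\n"

def artifact_status(ecosystem, url, blocked):
    """Artifact blocking (the backstop): 403 for a denylisted download URL, else 200."""
    m = ARTIFACT_PATTERNS[ecosystem].search(url)
    if m and (ecosystem, m["name"], m["version"]) in blocked:
        return 403
    return 200
```

With the denylisted 1.2.3 stripped from the index, a resolver asking for `evil-crate` settles on 1.2.2 and never issues the request that would have hit the 403.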

Relationship to verify

Use verify for project-wide lockfile runs; use gate when you want automatic checks on what the client is downloading in real time. Many teams use both.

Gate vs. wrappers — which should I use?

Veln offers two install-time defenses with different ergonomics. Pick based on environment:

  • Developer machines: wrappers (recommended). Run veln wrapper on once. Every npm install / pip install / yarn add automatically routes through the gate and an OS-level sandbox (Landlock / sandbox-exec / Windows Job Object). The sandbox catches what the gate cannot see — a malicious postinstall script reading ~/.aws/credentials or exfiltrating to a non-registry host. The gate alone cannot stop that.
  • Shared host: gate proxy (transparent). Run the gate as a long-running proxy on a licensed build host or team server and point package managers at it via install-env. Installs stay unchanged (plain npm install); the gate enforces silently for everything that routes through it.
  • Both, together: Wrappers on developer machines + a shared gate is the defense-in-depth posture most teams converge on. They are complementary, not alternatives.

One-shot variant: veln npm install <pkg> (or veln safe npm install …) wraps a single invocation without touching PATH — the gate + sandbox apply for that one command.

Protection levels (local config)

Set gate_protection in ~/.veln/config.toml to light, medium, or total to tune how hard the proxy works on npm/PyPI traffic. veln verify always runs full depth; only Gate follows this preset. Run veln onboarding to pick a level interactively, or see veln help gate for the matrix.
