depthfirst Launches Dependency Firewall to Block Malicious Open-Source Packages Before Installation
depthfirst has introduced Dependency Firewall, a product that inspects every open-source package download across an organization and blocks malicious dependencies before they reach developers or AI agents.
depthfirst has introduced Dependency Firewall, a product that reviews every open-source package being downloaded anywhere in a company and blocks the malicious ones before they reach the person or system that requested them. Developers, AI agents, and any employee using Claude, Codex, or other AI tools keep installing exactly as they do today, and nothing dangerous makes it through. Security teams can ensure that AI is rolled out safely across the company.
The tool operates transparently, intercepting package manager requests at the network level. When a developer or AI agent attempts to install a package via npm, pip, or other registries, Dependency Firewall inspects the package metadata, source, and behavior against threat intelligence feeds. If the package is known to be malicious or exhibits suspicious characteristics, the download is blocked before any code reaches the local environment. This pre-install protection is critical because many supply-chain attacks execute malicious code during the installation phase itself, before developers have a chance to review the source.
The launch comes amid a surge in supply-chain attacks targeting open-source ecosystems. Recent incidents include the compromise of npm packages like the @antv/ scope and coordinated bursts of malicious packages impersonating utility names. Attackers are increasingly using automated techniques such as download pumping to inflate package trust signals, making it harder for developers to distinguish safe packages from malicious ones. Dependency Firewall aims to provide a safety net that operates independently of developer judgment.
A key feature of Dependency Firewall is its compatibility with AI-assisted development workflows. Tools like Claude and Codex frequently install packages on behalf of developers, often without manual review. The product ensures that even if an AI agent is tricked into requesting a malicious package, the download is blocked before any harm occurs. This addresses a growing concern that AI agents, which lack security intuition, could become vectors for supply-chain compromise.
Security teams can configure policies to allow or block packages based on criteria such as registry source, package age, download count anomalies, and known vulnerability databases. The product provides visibility into all package download activity across the organization, enabling teams to audit and respond to incidents. depthfirst claims the tool has minimal performance overhead and does not require changes to existing development workflows.
The product is available now for enterprise customers. depthfirst plans to add support for additional package ecosystems and integrate with existing security information and event management (SIEM) systems in future releases. The company positions Dependency Firewall as a necessary layer of defense in an era where open-source software constitutes the majority of code in modern applications, and where attackers have demonstrated sophisticated techniques to compromise the software supply chain.