LPM Firewall checks package versions and transitive dependencies against live malicious-package intelligence. Malicious npm packages are blocked before they ever reach your machine.
The newest package versions blocked by the firewall, loaded from the latest scan snapshot.
Direct source inspection confirms a runtime fetch-and-eval path for remote JavaScript, which is a concrete remote code execution/staged-payload behavior. The absence of install hooks redu...
Source inspection confirms unconsented postinstall writes into ~/.claude/skills, which the policy treats as blockable AI-agent control hijack even when the planted instructions are produc...
OpenSSF Malicious Packages via OSV confirms hello244a@1.0.16 as malicious (MAL-2026-5188): Malicious code in hello244a (npm)
The package performs unconsented install-time delivery of package-supplied Claude skills into ~/.claude/skills, which matches the firewall policy for blockable AI-agent control hijack. Th...
Direct source inspection confirms unconsented lifecycle mutation of multiple foreign/broad AI-agent control surfaces, which the policy treats as blockable AI-agent control hijack even whe...
Under the supplied policy, lifecycle code that drops package-supplied Claude/agent control files into a consumer project without consent is blockable even when content is product-aligned....
The package crosses the block boundary because a lifecycle hook silently registers a package-controlled MCP server into Codex, a foreign/broad AI-agent control surface. The planted tools...
Static source inspection confirms unconsented import-time execution of a detached helper that retrieves and evaluates remote payloads. This is concrete malicious behavior, not merely a su...
The inspected source confirms unconsented install-time collection and exfiltration of environment and host metadata to external endpoints. The declared security-research PoC purpose does...
Start with LPM CLI, become Pro on lpm.dev, then enable Firewall from lpm config. Your package installs keep the speed of LPM with an extra malicious-package block layer in front.
Install LPM CLI from cli.lpm.dev. It is already faster and more secure for npm installs, even before Firewall is enabled.
Upgrade on lpm.dev so your account can use LPM Firewall protection across package installs.
Open LPM CLI, enable Firewall from lpm config, and route package installs through the protected registry.
Install the faster and more secure CLI, upgrade to Pro on lpm.dev, and enable Firewall from lpm config when you are ready.