LPM Firewall checks package versions and transitive dependencies against live malicious-package intelligence. Malicious npm packages are blocked before they ever reach your machine.

// 02 — THREAT FEED

Latest malicious packages.

The newest package versions blocked by the firewall, loaded from the latest scan snapshot.

19 mins ago
grapes-andrewdingus@1.0.35
Remote Code Execution

Direct source inspection confirms a runtime fetch-and-eval path for remote JavaScript, which is a concrete remote-code execution/staged payload behavior. The absence of install hooks redu...

21 mins ago
@getfrontline/cli@1.0.20
AI Agent Control Hijack

Source inspection confirms unconsented postinstall writes into ~/.claude/skills, which the policy treats as blockable AI-agent control hijack even when the planted instructions are produc...

34 mins ago
hello244a@1.0.16
Malware

OpenSSF Malicious Packages via OSV confirms hello244a@1.0.16 as malicious (MAL-2026-5188): Malicious code in hello244a (npm)

2 hours ago
bingocode@1.1.193
AI Agent Control Hijack

The package performs unconsented install-time delivery of package-supplied Claude skills into ~/.claude/skills, which matches the firewall policy for blockable AI-agent control hijack. Th...

2 hours ago
peaks-loop@3.1.2
AI Agent Control Hijack

Direct source inspection confirms unconsented lifecycle mutation of multiple foreign/broad AI-agent control surfaces, which the policy treats as blockable AI-agent control hijack even whe...

2 hours ago
@ploomescrm/ui@2.4.0
AI Agent Control Hijack

Under the supplied policy, lifecycle code that drops package-supplied Claude/agent control files into a consumer project without consent is blockable even when content is product-aligned....

3 hours ago
claude-codex-wechat@0.1.33
AI Agent Control Hijack

The package crosses the block boundary because a lifecycle hook silently registers a package-controlled MCP server into Codex, a foreign/broad AI-agent control surface. The planted tools...

3 hours ago
chai-redirection@0.0.1
Remote Code Execution

Static source inspection confirms unconsented import-time execution of a detached helper that retrieves and evaluates remote payloads. This is concrete malicious behavior, not merely a su...

3 hours ago
searchresults@999.0.0
Data Exfiltration

The inspected source confirms unconsented install-time collection and exfiltration of environment and host metadata to external endpoints. The declared security-research PoC purpose does...

// 03 — HOW IT WORKS

Turn on Firewall through LPM.

Start with LPM CLI, become Pro on lpm.dev, then enable Firewall from lpm config. Your package installs keep the speed of LPM with an extra malicious-package block layer in front.

Step 01
Install LPM CLI

Install LPM CLI from cli.lpm.dev. It is already faster and more secure for npm installs, even before Firewall is enabled.

Step 02
Become Pro

Upgrade on lpm.dev so your account can use LPM Firewall protection across package installs.

Step 03
Enable Firewall

Open LPM CLI, enable Firewall from lpm config, and route package installs through the protected registry.

Start with LPM CLI, then enable Firewall.

Install the faster and more secure CLI, upgrade to Pro on lpm.dev, and enable Firewall from lpm config when you are ready.