In continuously monitoring PyPI and npm for open source malware, we observe malicious packages targeting software developers almost every day. Today, we are excited to introduce Supply-Chain Firewall, a new open source project from Datadog Security Labs aimed at defending developers, the primary consumers of the software supply chain, from malicious open-source packages.
The agony and the ecstasy of open source
Software development as we know it today would not be possible without readily available third-party open source packages. In the course of normal business, developers constantly test and tinker with libraries sourced from centralized package repositories like PyPI and npm, always within reach thanks to command-line package managers like pip and npm.
Despite the numerous benefits, using open source packages is not without particular security risks. Open source threat actors routinely publish packages containing embedded, often obfuscated malicious code to PyPI and npm that specifically target software developers, usually in efforts to steal their privileged information like API keys or cryptowallets. Such packages can run malicious code on import or, more often, abuse post-install command hooks provided by pip and npm to compromise developers’ machines at install-time. This year, we have documented significant campaigns from nation-state threat actors targeting developers using these very techniques.
Though prudent, expecting developers to thoroughly audit open source packages before installing and using them is not realistic and would negatively impact the developer experience to an unreasonable degree. The result, however, is that open source software supply-chain security, at least with respect to the developer workstation, falls by the wayside.
Enter Supply-Chain Firewall: a Python tool for preventing the installation of malicious and vulnerable PyPI and npm packages. Its primary goal is to protect software engineers’ development workstations from compromise via exactly these sorts of software supply-chain attacks.
In this blog post, we showcase the main features of Supply-Chain Firewall, point the way forward for future development of the tool, and let you know how you can get started using or contributing to it.
A tour of Supply-Chain Firewall
Blocking installations of known-malicious packages
A pip or npm command may be run through Supply-Chain Firewall by simply prepending scfw run to it. The output below shows Supply-Chain Firewall blocking an npm install command for a package that is known to be malicious.
$ scfw run npm install passports-js
Installation target passports-js@0.0.1-security:
- Datadog Security Research has determined that package passports-js is malicious
- An OSV.dev malicious package disclosure exists for package passports-js@0.0.1-security:
* https://osv.dev/vulnerability/MAL-2024-8868
The installation request was blocked. No changes have been made.
Supply-Chain Firewall works by introspecting pip and npm commands to determine whether any package targets they propose to install or update are known to be malicious or vulnerable. Would-be installation targets are queried against a set of sources of truth for malicious package advisories and open source vulnerabilities.
By default, scfw queries two sources:
- Datadog Security Research’s own public dataset of malicious PyPI and npm packages
- The public Open Source Vulnerabilities API
Users can also easily extend scfw by adding their own custom analyzers representing alternative data sources.
Aborting installations of vulnerable packages
Though Supply-Chain Firewall automatically blocks installations of known-malicious packages, it presents users with a choice to continue in cases when a package target has findings but is not known to be malicious. This is illustrated in the run of scfw below, this time for a pip install command. Here, the user chose to abort the installation after reviewing more information about the reported advisory.
$ scfw run pip install urllib3==2.2.1
Installation target urllib3-2.2.1:
- An OSV.dev disclosure exists for package urllib3-2.2.1:
* https://osv.dev/vulnerability/GHSA-34jh-p97f-mpxf
[?] Proceed with installation? (y/N):
The installation request was aborted. No changes have been made.
Otherwise, if no installation targets present any concerns, scfw gets out of the way and runs the given command:
$ scfw run pip install -r requirements.txt
Collecting prettytable
Using cached prettytable-3.12.0-py3-none-any.whl (31 kB)
Collecting pynamodb
Using cached pynamodb-6.0.1-py3-none-any.whl (61 kB)
Collecting wcwidth
Using cached wcwidth-0.2.13-py2.py3-none-any.whl (34 kB)
Collecting botocore>=1.12.54
Using cached botocore-1.35.71-py3-none-any.whl (13.0 MB)
Collecting typing-extensions>=4
Using cached typing_extensions-4.12.2-py3-none-any.whl (37 kB)
Collecting jmespath<2.0.0,>=0.7.1
Using cached jmespath-1.0.1-py3-none-any.whl (20 kB)
Collecting urllib3!=2.2.0,<3,>=1.25.4
Using cached urllib3-2.2.3-py3-none-any.whl (126 kB)
Collecting python-dateutil<3.0.0,>=2.1
Using cached python_dateutil-2.9.0.post0-py2.py3-none-any.whl (229 kB)
Collecting six>=1.5
Using cached six-1.16.0-py2.py3-none-any.whl (11 kB)
Installing collected packages: wcwidth, urllib3, typing-extensions, six, prettytable, jmespath, python-dateutil, botocore, pynamodb
Successfully installed botocore-1.35.71 jmespath-1.0.1 prettytable-3.12.0 pynamodb-6.0.1 python-dateutil-2.9.0.post0 six-1.16.0 typing-extensions-4.12.2 urllib3-2.2.3 wcwidth-0.2.13
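The three outcomes shown above (block, prompt with abort, allow) can be sketched as a decision over OSV query results. This is an added example, not scfw's own code: the function names, the use of OSV's MAL- id prefix as the malicious marker, and the trimmed sample responses are assumptions made for illustration.

```python
import json
from enum import Enum

OSV_QUERY_URL = "https://api.osv.dev/v1/query"  # public OSV endpoint (not called here)


class Action(Enum):
    ALLOW = "ALLOW"
    ABORT = "ABORT"
    BLOCK = "BLOCK"


def osv_query_body(name, version, ecosystem):
    """JSON body to POST to OSV_QUERY_URL; ecosystem is "PyPI" or "npm"."""
    return json.dumps({"version": version,
                       "package": {"name": name, "ecosystem": ecosystem}})


def split_findings(osv_response):
    """Return (malicious_ids, other_ids). OSV answers {} when nothing is known."""
    ids = [v["id"] for v in osv_response.get("vulns", [])]
    malicious = [i for i in ids if i.startswith("MAL-")]  # assumption: MAL- marks malware
    return malicious, [i for i in ids if i not in malicious]


def decide(responses, confirm=lambda findings: False):
    """responses maps each installation target to its OSV response.

    Any malicious target blocks the whole command without asking; other
    findings are put to `confirm`, which defaults to "no" like the (y/N) prompt.
    """
    malicious, other = {}, {}
    for target, resp in responses.items():
        mal_ids, other_ids = split_findings(resp)
        if mal_ids:
            malicious[target] = mal_ids
        if other_ids:
            other[target] = other_ids
    if malicious:
        return Action.BLOCK, malicious
    if other:
        return (Action.ALLOW if confirm(other) else Action.ABORT), other
    return Action.ALLOW, {}


# Constructed responses, trimmed to the "id" field; ids are the ones on this page.
SAMPLE = {
    "passports-js@0.0.1-security": {"vulns": [{"id": "MAL-2024-8868"}]},
    "urllib3-2.2.1": {"vulns": [{"id": "GHSA-34jh-p97f-mpxf"}]},
    "six-1.16.0": {},
}
```

Calling decide(SAMPLE) blocks the whole command because one target is malicious, even if the confirm callback would have answered yes to the urllib3 advisory.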
Open source observability via Supply-Chain Firewall
This illustrates the basic value proposition of Supply-Chain Firewall as an ad-hoc, install-time filter for open source packages. However, with a bit of very simple additional configuration, you can unlock the true potential of scfw as:
- An always-on protection for software developers
- A source of crucial telemetry data for system administrators about which packages are installed across their fleet of developer laptops
You can accomplish the first goal by adding shell aliases to, for example, your .bashrc file so that pip and npm expand respectively to scfw run pip and scfw run npm. With a Datadog API key, you can achieve the second goal by making use of Supply-Chain Firewall’s native support for Datadog Log Management. As illustrated in the following output, the scfw configure subcommand is ready to walk you through configuring your environment to get the most out of Supply-Chain Firewall.
$ scfw configure
Thank you for using scfw, the Supply-Chain Firewall by Datadog!
scfw is a tool for preventing the installation of malicious PyPI and npm packages.
This script will walk you through setting up your environment to get the most out
of scfw. You can rerun this script at any time.
[?] Would you like to set a shell alias to run all pip commands through the firewall? (Y/n):
[?] Would you like to set a shell alias to run all npm commands through the firewall? (Y/n):
[?] Would you like to enable sending firewall logs to Datadog? (y/N): y
[?] Enter a Datadog API key: MyDatadogAPIKey
[?] Select the desired log level for Datadog logging:
BLOCK
ABORT
> ALLOW
After using scfw configure to set things up just right, malicious packages are automatically kept out of your system without a second thought:
$ npm install bcrypts-js
Installation target bcrypts-js@0.0.1-security:
- Datadog Security Research has determined that package bcrypts-js is malicious
- An OSV.dev malicious package disclosure exists for package bcrypts-js@0.0.1-security:
* https://osv.dev/vulnerability/MAL-2024-8862
The installation request was blocked. No changes have been made.
And if you have opted into the Log Management integration, all logs for blocked, aborted or allowed installations are visible in Datadog.
What’s next
In the weeks following this initial release, we are eager to see how people use Supply-Chain Firewall and hear what works well and what needs further refinement. This feedback will be extremely valuable to us as we plan for future development. You can share issues and suggestions via the project’s GitHub repository.
One star we are already sailing by: extending scfw to support other popular package manager commands for these ecosystems, especially pnpm and yarn for npm as well as poetry for PyPI. Keep an eye on the repo for updates.
Check out Supply-Chain Firewall
Supply-Chain Firewall is available for download via PyPI (pip install scfw) and GitHub. Try it out and let us know your thoughts at securitylabs@datadoghq.com. We also welcome community feedback and contributions: get involved on GitHub.