cd /news/cybersecurity/decent-supply-chain-attack-preventio… · home topics cybersecurity article
[ARTICLE · art-10149] src=gist.github.com ↗ pub= topic=cybersecurity verified=true sentiment=· neutral

decent supply chain attack prevention, examples for unix shells & powershell

The article provides configuration snippets for Unix shells (`.zshrc`, `.bashrc`) and PowerShell profiles to wrap package manager commands (`npm`, `pnpm`, `bun`, `yarn`) with the Socket Firewall (`sfw`) tool for supply chain attack prevention. It also includes optional settings to block lifecycle scripts and enforce a minimum package release age for each package manager. Additionally, the article recommends disabling automatic updates for VS Code extensions to reduce supply chain risks.

read4 min views17 publishedMay 22, 2026
00-supply-chain-safety.sh

      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.

Learn more about bidirectional Unicode characters

Show hidden characters
_sfw_package_manager() {

    local manager="$1"

    local subcommand="${2:-}"

    shift

    if ! command -v sfw >/dev/null 2>&1; then

        print -u2 "sfw is not installed or not on PATH"

        return 127

    fi

    case "$subcommand" in

        i|install|add|ci|update|up|upgrade|exec|dlx|create)

            command sfw "$manager" "$@"

            ;;

        *)

            command "$manager" "$@"

            ;;

    esac

}

npm() { _sfw_package_manager npm "$@" }

pnpm() { _sfw_package_manager pnpm "$@" }

bun() { _sfw_package_manager bun "$@" }

yarn() { _sfw_package_manager yarn "$@" }

bunx() { command sfw bunx "$@" }

npx() { command sfw bunx "$@" }

pnpx() { command sfw bunx "$@" }

Microsoft.PowerShell_profile.ps1

  This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.

Learn more about bidirectional Unicode characters

Show hidden characters

#

#

#

function Invoke-SfwPackageManager {

    param(

        [string] $Manager,

        [Parameter(ValueFromRemainingArguments = $true)]

        [string[]] $Args

    )

    $Subcommand = if ($Args.Count -gt 0) { $Args[0] } else { "" }

    if (-not (Get-Command sfw -ErrorAction SilentlyContinue)) {

        Write-Error "sfw is not installed or not on PATH"

        return

    }

    switch ($Subcommand) {

        { $_ -in @("i", "install", "add", "ci", "update", "up", "upgrade", "exec", "dlx", "create") } {

            & sfw $Manager @Args

            return

        }

        default {

            & $Manager @Args

            return

        }

    }

}

function npm { Invoke-SfwPackageManager npm @args }

function pnpm { Invoke-SfwPackageManager pnpm @args }

function bun { Invoke-SfwPackageManager bun @args }

function yarn { Invoke-SfwPackageManager yarn @args }

function bunx { & sfw bunx @args }

function npx { & sfw bunx @args }

function pnpx { & sfw bunx @args }















zz-fish-supply-chain-safety.fish

      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.

Learn more about bidirectional Unicode characters

Show hidden characters
function _sfw_package_manager

    set manager $argv[1]

    set args $argv[2..-1]

    set subcommand ""

    if test (count $args) -gt 0

        set subcommand $args[1]

    end

    if not command -q sfw

        echo "sfw is not installed or not on PATH" >&2

        return 127

    end

    switch $subcommand

        case i install add ci update up upgrade exec dlx create

            command sfw $manager $args

        case '*'

            command $manager $args

    end

end

function npm

    _sfw_package_manager npm $argv

end

function pnpm

    _sfw_package_manager pnpm $argv

end

function bun

    _sfw_package_manager bun $argv

end

function yarn

    _sfw_package_manager yarn $argv

end

function bunx

    command sfw bunx $argv

end

function npx

    command sfw bunx $argv

end

function pnpx

    command sfw bunx $argv

end

── more in #cybersecurity 4 stories · sorted by recency
── more on @socket.dev 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/decent-supply-chain-…] indexed:0 read:4min 2026-05-22 ·