# decent supply chain attack prevention, examples for unix shells & powershell

> Source: <https://gist.github.com/Umbranoxio/84bb7f284ce8250108274f54dafef98b>
> Published: 2026-05-22 13:41:21+00:00

00-supply-chain-safety.sh


# install sfw first: (https://socket.dev/blog/introducing-socket-firewall)

#   bun/pnpm/npm/yarn install -g sfw
#   (this bootstrap install is the one step that runs with no firewall in front of it, so
#   double-check you are installing Socket's `sfw` package and not a look-alike name)

# add the uncommented snippet below to ~/.zshrc, ~/.bashrc, ~/.profile, or ~/.shrc

# reload your shell config:

#   . ~/.zshrc

#   . ~/.bashrc

#   . ~/.profile

#   . ~/.shrc

# also: disable VS Code extension auto-updates -- you don't need them, and they turn every extension publisher into an unattended code-execution channel: (https://nx.dev/blog/nx-console-v18-95-0-postmortem)

#   ctrl + shift + p -> "auto up" -> "Extensions: Disable Auto Update for all Extensions"

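# Route install-like package-manager invocations through Socket Firewall (sfw).
#
#   $1   - the wrapped binary (npm, pnpm, bun, yarn)
#   $2.. - the user's original command line, forwarded unchanged
#
# Returns sfw's or the package manager's exit status, or 127 when sfw is not
# on PATH. A missing sfw fails CLOSED for every subcommand (even `npm run`):
# the whole point of the wrapper is that nothing reaches the registry unguarded.
_sfw_package_manager() {
    local manager="$1"
    local subcommand="${2:-}"
    shift

    if ! command -v sfw >/dev/null 2>&1; then
        # printf, not zsh's `print -u2`: this snippet is also meant for
        # ~/.bashrc, ~/.profile and ~/.shrc, where `print` does not exist.
        printf '%s\n' "sfw is not installed or not on PATH" >&2
        return 127
    fi

    case "$subcommand" in
        # Subcommands that download or execute registry content, including the
        # common aliases (npm `x`, `it`, `cit`, `init`; bun `a`). Not exhaustive:
        # extend this list rather than relying on the `*)` arm.
        i|install|add|a|ci|clean-install|it|install-test|cit|install-ci-test|update|up|upgrade|upgrade-interactive|exec|x|dlx|create|init)
            command sfw "$manager" "$@"
            ;;
        # A leading option (`npm --prefix dir install`, `pnpm -C dir add`) hides
        # the real subcommand; fail closed and let sfw see the whole argv.
        -*)
            command sfw "$manager" "$@"
            ;;
        # Bare `yarn` is `yarn install`; the other managers only print help.
        '')
            if [ "$manager" = yarn ]; then
                command sfw "$manager" "$@"
            else
                command "$manager" "$@"
            fi
            ;;
        *)
            # run, test, ls, ... go straight to the binary. `command` bypasses
            # the same-named shell functions defined below, so no recursion.
            command "$manager" "$@"
            ;;
    esac
}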

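# npm, with install-like subcommands routed through sfw. The `;` before `}`
# is required by bash/sh; only zsh accepts `{ cmd }` without it.
npm() { _sfw_package_manager npm "$@"; }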

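# pnpm, with install-like subcommands routed through sfw (`;` keeps this valid in bash/sh).
pnpm() { _sfw_package_manager pnpm "$@"; }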

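# bun, with install-like subcommands routed through sfw (`;` keeps this valid in bash/sh).
bun() { _sfw_package_manager bun "$@"; }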

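# yarn, with install-like subcommands routed through sfw (`;` keeps this valid in bash/sh).
yarn() { _sfw_package_manager yarn "$@"; }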

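# bunx always fetches and runs a package, so every call goes through sfw.
# `command` skips any same-named function; `;` keeps this valid in bash/sh.
bunx() { command sfw bunx "$@"; }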

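# npx is deliberately redirected to `sfw bunx`: same fetch-and-run, but the
# package executes under bun rather than node. If a tool misbehaves under bun,
# `command sfw npx "$@"` is the alternative (confirm your sfw version supports it).
npx() { command sfw bunx "$@"; }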

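# pnpx is redirected to `sfw bunx` like npx (runs under bun, not node); `;` keeps this valid in bash/sh.
pnpx() { command sfw bunx "$@"; }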

# Extra: block lifecycle scripts / enforce minimum release age per package manager.
# Caveats: ignore-scripts also skips your OWN project's hooks (prepare, postinstall, ...),
# so run those explicitly when you need them; and the trailing `# ...` notes below are
# explanations, not part of the setting -- drop them when pasting into .npmrc or the pnpm
# rc file, whose ini parser may not treat a mid-line `#` as a comment.

# npm: ~/.npmrc

#   ignore-scripts=true

#   min-release-age=3 # days (requires npm v11.10.0 or above)

# bun: ~/.bunfig.toml

#   [install]

#   ignoreScripts = true

#   minimumReleaseAge = 259200 # seconds (3 days)

# pnpm: ~/.config/pnpm/rc

#   ignore-scripts=true

#   minimum-release-age=4320 # minutes (3 days)

# yarn: ~/.yarnrc.yml

#   enableScripts: false

#   npmMinimalAgeGate: 3d

Microsoft.PowerShell_profile.ps1


# install sfw first: (https://socket.dev/blog/introducing-socket-firewall)

#   bun/pnpm/npm/yarn install -g sfw
#   (this bootstrap install runs with no firewall in front of it, so double-check you are
#   installing Socket's `sfw` package and not a look-alike name)

#

# open ur ps profile:

#   New-Item -ItemType File -Force $PROFILE

#   notepad $PROFILE

#

# add the uncommented snippet below to the profile then reload it:

#   . $PROFILE

#

# also: disable VS Code extension auto-updates -- you don't need them, and they turn every extension publisher into an unattended code-execution channel: (https://nx.dev/blog/nx-console-v18-95-0-postmortem)

#   ctrl + shift + p -> "auto up" -> "Extensions: Disable Auto Update for all Extensions"

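# Route install-like package-manager invocations through Socket Firewall (sfw).
#
#   -Manager  the wrapped binary (npm, pnpm, bun, yarn)
#   -Args     the user's original command line, forwarded unchanged
#
# A missing sfw fails CLOSED for every subcommand (even `npm run`): nothing
# should reach the registry unguarded.
function Invoke-SfwPackageManager {
    param(
        [string] $Manager,
        [Parameter(ValueFromRemainingArguments = $true)]
        [string[]] $Args
    )
    if ($null -eq $Args) { $Args = @() }
    $Subcommand = if ($Args.Count -gt 0) { $Args[0] } else { "" }

    if (-not (Get-Command sfw -ErrorAction SilentlyContinue)) {
        Write-Error "sfw is not installed or not on PATH"
        return
    }

    # `& $Manager` resolves functions before executables, and npm/pnpm/bun/yarn
    # are redefined as functions in this profile, so calling the bare name would
    # recurse back into this wrapper. Resolve the real executable explicitly.
    $Executable = Get-Command $Manager -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $Executable) {
        Write-Error "$Manager is not installed or not on PATH"
        return
    }

    # Subcommands that download or execute registry content, including common
    # aliases (npm `x`, `it`, `cit`, `init`; bun `a`). Not exhaustive -- extend
    # this list rather than relying on the fall-through.
    $Guarded = @(
        "i", "install", "add", "a", "ci", "clean-install", "it", "install-test",
        "cit", "install-ci-test", "update", "up", "upgrade", "upgrade-interactive",
        "exec", "x", "dlx", "create", "init"
    )

    if ($Subcommand -in $Guarded) {
        & sfw $Manager @Args
    }
    elseif ($Subcommand -like "-*") {
        # A leading option (`npm --prefix dir install`) hides the real
        # subcommand; fail closed and let sfw see the whole command line.
        & sfw $Manager @Args
    }
    elseif ($Subcommand -eq "" -and $Manager -eq "yarn") {
        # Bare `yarn` is `yarn install`; the other managers only print help.
        & sfw $Manager @Args
    }
    else {
        & $Executable @Args
    }
}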

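# Bind by name: when `@args` is splatted positionally, PowerShell's binder may
# read an npm flag as a wrapper parameter (e.g. `-m` in `npm version -m msg` is
# an unambiguous prefix of -Manager). Passing the array to -Args avoids that.
function npm { Invoke-SfwPackageManager -Manager npm -Args $args }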

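# Named binding so pnpm's own flags are never parsed as wrapper parameters.
function pnpm { Invoke-SfwPackageManager -Manager pnpm -Args $args }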

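# Named binding so bun's own flags are never parsed as wrapper parameters.
function bun { Invoke-SfwPackageManager -Manager bun -Args $args }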

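# Named binding so yarn's own flags are never parsed as wrapper parameters.
function yarn { Invoke-SfwPackageManager -Manager yarn -Args $args }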

# bunx always fetches and runs a package, so every call goes through sfw.
function bunx { sfw bunx @args }

# npx is deliberately redirected to `sfw bunx`: same fetch-and-run, but the
# package executes under bun rather than node. If a tool misbehaves under bun,
# `sfw npx @args` is the alternative (confirm your sfw version supports it).
function npx { sfw bunx @args }

# pnpx is redirected to `sfw bunx` like npx (runs under bun, not node).
function pnpx { sfw bunx @args }

# Extra: block lifecycle scripts / enforce minimum release age per package manager.
# Caveats: ignore-scripts also skips your OWN project's hooks (prepare, postinstall, ...),
# so run those explicitly when you need them; and the trailing `# ...` notes below are
# explanations, not part of the setting -- drop them when pasting into .npmrc or the pnpm
# rc file, whose ini parser may not treat a mid-line `#` as a comment.

# npm: %USERPROFILE%\.npmrc

#   ignore-scripts=true

#   min-release-age=3 # days (requires npm v11.10.0 or above)

# bun: %USERPROFILE%\.bunfig.toml

#   [install]

#   ignoreScripts = true

#   minimumReleaseAge = 259200 # seconds (3 days)

# pnpm: %USERPROFILE%\.config\pnpm\rc

#   ignore-scripts=true

#   minimum-release-age=4320 # minutes (3 days)

# yarn: %USERPROFILE%\.yarnrc.yml

#   enableScripts: false

#   npmMinimalAgeGate: 3d

zz-fish-supply-chain-safety.fish


# install sfw first: (https://socket.dev/blog/introducing-socket-firewall)

#   bun/pnpm/npm/yarn install -g sfw
#   (this bootstrap install runs with no firewall in front of it, so double-check you are
#   installing Socket's `sfw` package and not a look-alike name)

# add the uncommented snippet below to ~/.config/fish/config.fish

# reload your shell config:

#   source ~/.config/fish/config.fish

# also: disable VS Code extension auto-updates -- you don't need them, and they turn every extension publisher into an unattended code-execution channel: (https://nx.dev/blog/nx-console-v18-95-0-postmortem)

#   ctrl + shift + p -> "auto up" -> "Extensions: Disable Auto Update for all Extensions"

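# Route install-like package-manager invocations through Socket Firewall (sfw).
#
#   $argv[1]    the wrapped binary (npm, pnpm, bun, yarn)
#   $argv[2..]  the user's original command line, forwarded unchanged
#
# Returns sfw's or the package manager's status, or 127 when sfw is missing.
# A missing sfw fails CLOSED for every subcommand (even `npm run`).
function _sfw_package_manager --description 'Route install-like package-manager calls through sfw'
    # `set -l`: an unscoped `set` would overwrite a global of the same name if one existed.
    set -l manager $argv[1]
    set -l args $argv[2..-1]
    set -l subcommand ""
    if test (count $args) -gt 0
        set subcommand $args[1]
    end

    if not command -q sfw
        echo "sfw is not installed or not on PATH" >&2
        return 127
    end

    switch $subcommand
        # Subcommands that download or execute registry content, including the
        # common aliases (npm `x`, `it`, `cit`, `init`; bun `a`). Not exhaustive.
        case i install add a ci clean-install it install-test cit install-ci-test update up upgrade upgrade-interactive exec x dlx create init
            command sfw $manager $args
        case '-*'
            # A leading option (`npm --prefix dir install`) hides the real
            # subcommand; fail closed and let sfw see the whole argv.
            command sfw $manager $args
        case ''
            # Bare `yarn` is `yarn install`; the other managers only print help.
            if test "$manager" = yarn
                command sfw $manager $args
            else
                command $manager $args
            end
        case '*'
            # run, test, ls, ... go straight to the binary; `command` skips the
            # same-named fish functions defined below, so no recursion.
            command $manager $args
    end
end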

# npm, with install-like subcommands routed through sfw.
function npm --description 'npm with installs guarded by sfw'
    _sfw_package_manager npm $argv
end

# pnpm, with install-like subcommands routed through sfw.
function pnpm --description 'pnpm with installs guarded by sfw'
    _sfw_package_manager pnpm $argv
end

# bun, with install-like subcommands routed through sfw.
function bun --description 'bun with installs guarded by sfw'
    _sfw_package_manager bun $argv
end

# yarn, with install-like subcommands routed through sfw.
function yarn --description 'yarn with installs guarded by sfw'
    _sfw_package_manager yarn $argv
end

# bunx always fetches and runs a package, so every call goes through sfw.
function bunx --description 'bunx guarded by sfw'
    command sfw bunx $argv
end

# npx is deliberately redirected to `sfw bunx`: same fetch-and-run, but the
# package executes under bun rather than node. If a tool misbehaves under bun,
# `command sfw npx $argv` is the alternative (confirm your sfw version supports it).
function npx --description 'npx redirected to sfw bunx'
    command sfw bunx $argv
end

# pnpx is redirected to `sfw bunx` like npx (runs under bun, not node).
function pnpx --description 'pnpx redirected to sfw bunx'
    command sfw bunx $argv
end

# Extra: block lifecycle scripts / enforce minimum release age per package manager.
# Caveats: ignore-scripts also skips your OWN project's hooks (prepare, postinstall, ...),
# so run those explicitly when you need them; and the trailing `# ...` notes below are
# explanations, not part of the setting -- drop them when pasting into .npmrc or the pnpm
# rc file, whose ini parser may not treat a mid-line `#` as a comment.

# npm: ~/.npmrc

#   ignore-scripts=true

#   min-release-age=3 # days (requires npm v11.10.0 or above)

# bun: ~/.bunfig.toml

#   [install]

#   ignoreScripts = true

#   minimumReleaseAge = 259200 # seconds (3 days)

# pnpm: ~/.config/pnpm/rc

#   ignore-scripts=true

#   minimum-release-age=4320 # minutes (3 days)

# yarn: ~/.yarnrc.yml

#   enableScripts: false

#   npmMinimalAgeGate: 3d
