Blog
Real supply-chain incidents, attack patterns, and how nproxy stops risky packages before they reach production — across local dev, CI, Docker, Kubernetes, and cloud.
April 4, 2026
AI coding agents select vulnerable dependencies 50% more often than humans. Slopsquatting turns hallucinated package names into real malware. Here is how to protect your team.
April 2, 2026
North Korean threat actors hijacked the most popular HTTP library on npm. Four nproxy rules would have caught it.
April 2, 2026
From crossenv to axios: a chronological walkthrough of every major npm supply-chain attack and the patterns that repeat.
April 2, 2026
Security tools that require developer interaction get ignored or bypassed. The best security is invisible.
April 1, 2026
The 2018 event-stream compromise showed why install-path policy checks matter before packages land in builds.
April 1, 2026
The 2021 ua-parser-js hijack exposed 24 million weekly downloads to cryptominers and credential stealers.
April 1, 2026
Five npm security controls mapped to real incidents: event-stream, ua-parser-js, node-ipc, colors/faker, and typosquat attacks.
April 1, 2026
Real npm typosquat incidents and how nproxy blocks suspicious packages at install time.