Enterprise
nproxy Enterprise provides identity-aware production supply-chain enforcement for organizations that need centralized control over installs, deploys, and runtime configuration.
Enterprise starts at $10K/year for annual contracts. Assisted POCs are reserved for qualified teams with a named technical owner, one target repo, one CI path, one deployment path, and a written 14-day success metric.
Features
| Feature | What it does |
|---|---|
| SCIM Provisioning | Automatically provision and deprovision users and API tokens via Okta, Azure AD, or any SCIM 2.0 IdP |
| mTLS Authentication | Require client certificates from managed devices -- even if an API token is compromised, unmanaged devices cannot access the proxy |
| Internal Packages | Host private @scope packages alongside public packages, served from the same registry URL |
| Code Signing | Ed25519 signing for internal packages and public package attestation with configurable enforcement (also available on all plans) |
| Advisory Allowlist | Create org-scoped exceptions for specific vulnerability advisories by advisory ID or package name, with optional expiry (also available on Pro) |
Enterprise plan limits
| Capability | Limit |
|---|---|
| Monthly requests | Unlimited |
| Team members | Unlimited |
| Audit log retention | Custom (365 days default) |
| Security rules | All 8 rules, fully customizable |
| Production deploy gates | Yes |
| Binding policies (typed runtime config) | Yes |
| Docker / K8s / cloud projectors | Yes |
| SCIM, mTLS, internal packages | Yes |
Enterprise packaging
| Offer | Best fit | Commercial posture |
|---|---|---|
| Essentials | Teams validating production enforcement on a focused rollout path | From $10K/year |
| Platform | Platform or AppSec teams rolling controls across multiple teams | $30K-$36K/year |
| Regulated | Compliance-heavy organizations needing governance and support controls | From $60K/year |
Zero-friction deployment
Enterprise features are designed to be deployed by IT/security teams without requiring any action from developers:
- SCIM provisions user accounts and API tokens automatically when employees are assigned in the IdP
- mTLS certificates are pushed to managed devices via MDM (Jamf, Intune, etc.)
- The .npmrc file is pushed to managed devices via MDM alongside the certificate
The result: a developer opens their laptop and package installs work through nproxy with full authentication. They did not install anything, configure anything, or even know that nproxy exists.
Per-user audit trail
With token authentication and mTLS enabled, every request to the proxy is traced to a specific user and device. The audit trail records:
- Every package install
- Every publish and unpublish
- Every blocked package (with the rule that triggered)
- Token validation events
- mTLS rejection events
Audit events include the token hash (truncated to 16 characters) and the certificate identity (email from the client certificate's Subject DN) where available.
Settings dashboard
All Enterprise features -- SCIM, mTLS, internal packages, and code signing -- can be configured directly from the nproxy dashboard under Settings. No API calls or support tickets required. Changes take effect immediately for all members of your organization.
Getting Enterprise
Enterprise features are available on the Enterprise plan. Contact enterprise@nproxy.app to learn more, or sign up at nproxy.app/signup to start with the Free or Pro plan and upgrade later.