Getting Started

nproxy is a production supply-chain enforcement layer. It sits between your developers and upstream package registries (npm, PyPI, Go, Cargo, Maven, and RubyGems), enforces policy at install time, and extends the same policy into CI and production deploys on Team plans -- without changing anyone's workflow.

Prerequisites

Before you begin, you need:

  • An nproxy account -- Sign up at nproxy.app
  • A package manager -- npm, yarn, or pnpm for JavaScript; pip or uv for Python
  • An organization -- Created in the nproxy dashboard after signing up

How nproxy works

When you configure your package manager to use https://your-org.nproxy.app/ as the registry (npm) or https://your-org.nproxy.app/pypi/simple/ (pip/uv), every install flows through nproxy. The proxy fetches package metadata from the upstream registry, runs eight security rules against every version, and strips blocked versions from the response. Your package manager then resolves to the latest safe version automatically. For npm, all other commands (publish, login, whoami, search, deprecate, dist-tags, and more) work transparently through the proxy.
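The metadata filtering described above, sketched as an added example (not nproxy's own code): it removes blocked versions from an npm metadata document so the client falls back to the newest version that remains. The sample document, the blocked-version set and the way dangling dist-tags are handled are assumptions made for illustration.

```javascript
// Added illustration, not nproxy's code: filter an npm metadata document
// ("packument") so the client can only resolve to versions that pass policy.

// Constructed sample, trimmed to the fields npm uses for resolution.
const samplePackument = {
  name: "example-lib",
  "dist-tags": { latest: "1.10.0", next: "1.10.0" },
  versions: {
    "1.8.0": { version: "1.8.0" },
    "1.9.0": { version: "1.9.0" },
    "1.10.0": { version: "1.10.0" },
  },
  time: { "1.8.0": "2024-01-10T00:00:00Z", "1.9.0": "2024-03-02T00:00:00Z", "1.10.0": "2024-06-01T00:00:00Z" },
};

// Hypothetical policy verdicts; a real proxy derives these from its rules.
const blockedVersions = new Set(["1.10.0"]);

// Numeric compare of plain x.y.z versions (prerelease tags are out of scope).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function stripBlocked(packument, blocked) {
  const out = JSON.parse(JSON.stringify(packument)); // never mutate upstream data
  for (const v of Object.keys(out.versions)) {
    if (!blocked.has(v)) continue;
    delete out.versions[v];
    if (out.time) delete out.time[v];
  }
  const remaining = Object.keys(out.versions).sort(compareVersions);
  for (const [tag, v] of Object.entries(out["dist-tags"])) {
    if (out.versions[v]) continue; // tag still points at an allowed version
    // A dangling tag breaks installs: re-point "latest", drop any other tag.
    if (tag === "latest" && remaining.length > 0) {
      out["dist-tags"].latest = remaining[remaining.length - 1];
    } else {
      delete out["dist-tags"][tag];
    }
  }
  return out;
}

console.log(stripBlocked(samplePackument, blockedVersions)["dist-tags"]);
```
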

On Team and Enterprise plans, the same policy gates CI builds and production deploys -- so risky packages are stopped at every stage between commit and production.

Developers do not need to learn new tools or change their workflow. The proxy is invisible.

Plans

Feature                          Free               Pro ($29/mo)  Team ($199/mo)        Business ($499/mo, early access)  Enterprise (from $10K/yr)
Requests/month                   10,000             100,000       100,000               100,000                           Unlimited
Team members                     1                  3             10                    100                               Unlimited
Rules                            Default block set  All 8 rules   All 8 rules + custom  All 8 rules + custom              All rules + custom
Audit retention                  7 days             30 days       180 days              365 days                          Custom
Production deploy gates          --                 --            Yes                   Yes                               Yes
Binding policies                 --                 --            Yes                   Yes                               Yes
Docker / K8s / cloud projectors  --                 --            --                    Yes                               Yes
SSO (Google + Microsoft)         --                 --            --                    Yes                               Yes
SCIM, mTLS, internal packages    --                 --            --                    --                                Yes

Next steps