Ward: Open-source tool intercepts npm installs to block supply chain attacks for Claude Code users
Ward is an open-source security tool built by Vanguard Defense Solutions after the [email protected] compromise incident. It hooks into your package manager and checks every package before install scripts execute.
When Claude Code runs npm install on your behalf, Ward automatically screens packages. The tool includes a Claude Code hook that intercepts every install command before execution, eliminating the need for manual intervention.
Key features
- Blocks known malware packages
- Detects typosquats (warns when packages like "axxios" resemble legitimate packages like "axios")
- Flags suspicious install scripts
- Identifies version anomalies
- Ships with 42 verified real-world attack patterns
Example output
$ npm install [email protected]
✗ ward: BLOCKED
This version steals SSH keys and cloud credentials
Safe version: 1.14.0Installation
npm install -g wardshield
ward initThe tool is MIT licensed and includes 286 tests. It was developed specifically for the Claude Code community following supply chain attack concerns.
Additional resources include a live threat feed at wardshield.com and the GitHub repository at Vanguard-Defense-Solutions/ward.
📖 Read the full source: r/ClaudeAI
👀 See Also
Three open-source alternatives to litellm after PyPI supply chain attack
litellm versions 1.82.7 and 1.82.8 on PyPI were compromised with credential-stealing malware. Three open-source alternatives include Bifrost (Go-based, ~50x faster P99 latency), Kosong (agent-oriented from Kimi), and Helicone (AI gateway with analytics).
Critical RCE vulnerability in protobuf.js library
A critical remote code execution vulnerability in protobuf.js versions 8.0.0/7.5.4 and lower allows JavaScript code execution through malicious schemas. Patches are available in versions 8.0.1 and 7.5.5.
Clawndom: A Security Hook for Claude Code to Block Vulnerable npm Packages
A developer built Clawndom, an open-source hook for Claude Code that checks npm packages against the OSV.dev vulnerability database before installation, blocking known vulnerable packages while maintaining agent autonomy.
Testing Uncensored Qwen 3.5 35B Models for Cybersecurity Questions
A cybersecurity professional tested three uncensored Qwen 3.5 35B models on hacking and security bypass questions, finding significant differences in response quality compared to the original censored model. The uncensored models consistently provided answers where the original model refused or gave incomplete responses.