Sage checks npm and PyPI packages for supply-chain threats whenever an install command is run or a manifest file (package.json, requirements.txt) is written. Root manifests are also scanned at session start.
| Threat | Verdict | Description |
|---|---|---|
| Non-existent package | deny | Hallucinated or typosquatted name not found on registry |
| Hallucinated version | deny | Specific version that does not exist for a real package |
| Malicious package | deny | Known malware/PUP detected via file reputation check |
| Suspiciously new package | ask | First published less than 7 days ago |

- Extract package names and versions from install commands or manifest files
- Query the registry (npm or PyPI) for metadata
- If the package or version does not exist, block immediately
- If it exists, check the package hash (`dist.shasum` for npm, `digests.sha256` for PyPI) against a file reputation API
- If no reputation match, check publication age; flag if less than 7 days old
- Otherwise, allow
No tarballs are downloaded. Only registry metadata and hash lookups are used.
Scoped packages (@scope/pkg) are automatically skipped because they typically come from private registries and would false-positive against public npm/PyPI.
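
The decision order above, as an added sketch that is not Sage's own code: registry and reputation lookups are replaced by constructed in-memory data so it runs offline. The names `extract_packages`, `verdict`, `check_command` and the single `hash` value per version are assumptions made for illustration.

```python
import shlex
from datetime import datetime, timedelta, timezone

NEW_PACKAGE_WINDOW = timedelta(days=7)  # age threshold stated on the page
# Only plain "npm install" / "pip install" with exact pins are parsed in this sketch.
INSTALLERS = {("npm", "install"): ("npm", "@"), ("pip", "install"): ("pypi", "==")}

def extract_packages(command):
    """Return (ecosystem, name, version-or-None) for each package argument."""
    argv = shlex.split(command)
    if tuple(argv[:2]) not in INSTALLERS:
        return []
    eco, sep = INSTALLERS[tuple(argv[:2])]
    found = []
    for arg in argv[2:]:
        if arg.startswith(("-", "@")):
            continue  # skip flags, and scoped packages as the page describes
        name, _, version = arg.partition(sep)
        found.append((eco, name, version or None))
    return found

def verdict(pkg, registry, bad_hashes, now):
    """Apply the checks in the page's order and return (verdict, reason)."""
    eco, name, version = pkg
    meta = registry.get((eco, name))
    if meta is None:
        return "deny", "package not found on registry"
    digest = meta["versions"].get(version or meta["latest"])
    if digest is None:
        return "deny", "version does not exist"
    if digest in bad_hashes:
        return "deny", "file reputation match"
    if now - meta["first"] < NEW_PACKAGE_WINDOW:
        return "ask", "first published less than 7 days ago"
    return "allow", "no findings"

# Constructed sample data: package names, digests and dates are made up.
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
ago = lambda days: NOW - timedelta(days=days)
REGISTRY = {  # stands in for registry metadata; "versions" maps version -> hash
    ("npm", "aged-demo"): {"latest": "1.0.0", "first": ago(400), "versions": {"1.0.0": "aa11"}},
    ("npm", "fresh-demo"): {"latest": "0.0.1", "first": ago(2), "versions": {"0.0.1": "bb22"}},
    ("pypi", "evil-demo"): {"latest": "2.0", "first": ago(90), "versions": {"2.0": "cc33"}},
}
BAD_HASHES = {"cc33"}  # stands in for the file reputation API

def check_command(command):
    """Map each package named in the command to its verdict."""
    return {p[1]: verdict(p, REGISTRY, BAD_HASHES, NOW)[0] for p in extract_packages(command)}
```

Because the reputation check runs before the age check, a package that is both new and flagged as malicious gets `deny`, not `ask`.
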
```json
{
  "package_check": {
    "enabled": true,
    "timeout_seconds": 5
  },
  "file_check": {
    "enabled": true,
    "timeout_seconds": 5
  }
}
```

- `package_check.enabled` - set to `false` to disable all package checks
- `file_check.enabled` - set to `false` to skip file reputation lookups (registry existence and age checks still run)

Results are cached in ~/.sage/cache.json with TTLs based on verdict and package age.