Talk Beginner Apache 2.0

Your Package Manager Is Not Your Friend: Install-Time Attacks and How to Stop Them

Review Pending
Sudhanshu Dasgupta
Session Description

Every developer has run npm install or pip install thousands of times, and it feels safe since you're just adding a dependency. But at that exact moment, before your CI pipeline runs or any security scan kicks in, a malicious package's install script has already executed on your machine. By then, credentials are stolen and a backdoor is planted. Done.
This is not a theoretical threat. Coordinated supply chain attacks like typosquatting campaigns, maintainer account takeovers, and npm worms are targeting, or have targeted, developers in exactly this way, repeatedly, in the past two years.

In this talk we'll start by understanding how install-time attacks actually work: what happens when you run npm install, why post-install scripts are dangerous, and why existing tools like CI scanners and CVE feeds miss this window entirely. From there, we'll build up what a real layered defense looks like: real-time threat intelligence that checks packages before install, dependency cooldown that skips freshly published versions before any verdict exists, and OS-native sandboxing (macOS Seatbelt / Linux Landlock) that contains install scripts even if something slips through. We'll then see this in action through pmg (Package Manager Guard), a free, open source CLI tool built in Go that wraps npm, pip, pnpm, poetry, and others and implements all three layers with zero changes to your workflow. The talk closes with how to get started and how to contribute to the project.

If you've run a package manager, this talk is for you and you'll leave able to install pmg in under two minutes.
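
The dependency cooldown layer described above can be sketched in a few lines. This is an added example, not pmg's own code: it assumes the npm registry's per-version `time` map as input, uses a constructed packument, and the helper name `pickWithCooldown` is hypothetical. For brevity it orders versions by publish time instead of resolving a semver range.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"time"
)

// Constructed sample packument; the package name and dates are made up.
const samplePackument = `{"name":"example-pkg","time":{"created":"2024-01-10T09:00:00.000Z",
 "modified":"2025-06-01T08:30:00.000Z","1.4.0":"2025-03-02T12:00:00.000Z",
 "1.4.1":"2025-05-20T12:00:00.000Z","1.5.0":"2025-06-01T08:30:00.000Z"}}`

type packument struct {
	Name string               `json:"name"`
	Time map[string]time.Time `json:"time"`
}

// pickWithCooldown (hypothetical helper) returns the newest-published version
// that is at least `cooldown` old at `now`, plus the versions it skipped.
func pickWithCooldown(raw []byte, now time.Time, cooldown time.Duration) (string, []string, error) {
	var p packument
	if err := json.Unmarshal(raw, &p); err != nil {
		return "", nil, fmt.Errorf("parse packument: %w", err)
	}
	cutoff := now.Add(-cooldown)
	best, skipped := "", []string{}
	for v, published := range p.Time {
		if v == "created" || v == "modified" {
			continue // registry bookkeeping keys, not versions
		}
		if published.After(cutoff) {
			skipped = append(skipped, v) // too fresh for any verdict to exist
		} else if best == "" || published.After(p.Time[best]) {
			best = v
		}
	}
	sort.Strings(skipped)
	if best == "" { // fail closed rather than fall back to a fresh release
		return "", skipped, fmt.Errorf("%s: no version is outside the cooldown window", p.Name)
	}
	return best, skipped, nil
}

func main() {
	now := time.Date(2025, 6, 2, 0, 0, 0, 0, time.UTC) // constructed "today"
	fmt.Println(pickWithCooldown([]byte(samplePackument), now, 7*24*time.Hour))
}
```

With a seven-day window the release published the day before is skipped and the previous one is chosen; when every version is inside the window the function returns an error instead of installing anything.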

Key Takeaways
  • Install-time is the real attack surface - most developers don't realize that malicious code executes during npm install, not after a deploy or a CI run. This mental model shift is the most important thing to know and walk away with.

  • Three layers of install-time defense - threat intelligence, dependency cooldown, and OS-native sandboxing are complementary controls. Attendees will understand what each does and what it doesn't cover.

  • Hands-on with pmg - attendees will know how to install and use pmg with their existing package managers immediately after the talk, with no workflow changes required.

  • How to contribute to an open source security tool - pmg is actively built in public in Go. Attendees comfortable with Go (or wanting to learn) will know where to start contributing.

Session Categories

Technology architecture
Introducing a FOSS project or a new version of a popular project
Talk License: Apache 2.0
Which track are you applying for?
Security
