DEV Community

Abhisek Datta

Real-time Malicious Package Protection for AI Coding Agents

Claude Code, Cursor, and Codex are the new wave of AI coding agents. They can scaffold projects, write features, and wire up dependencies faster than most of us can read a README.md. They also run npm install without a second thought.

That’s where things get interesting. These agents have no ability to distinguish a legitimate package from a malicious one. Unlike first-party code, which the agents can review, they have no visibility into the third-party code inherited through open source package dependencies.

They will install whatever looks right based on the name, the prompt, and the training data. The attack surface is real, and there are real-world examples:

  • Shai-Hulud 2.0: A self-replicating worm that compromised zapier-sdk, @asyncapi, and posthog packages — over 500 npm packages and 25,000+ repositories affected. The malware propagated via preinstall scripts and harvested cloud credentials.
  • eslint-config-prettier: 30 million weekly downloads. Compromised through a phishing attack on the maintainer's npm account. Six malicious versions published before anyone noticed.
  • nx build system: 4.6 million weekly downloads. Credential harvesting via postinstall hooks — the malware executed the moment a developer ran npm install.
  • 21 npm packages with crypto wallet drainers: Packages with over a billion cumulative weekly downloads, weaponized to steal cryptocurrency.

Introducing SafeDep MCP

SafeDep MCP Server protects AI coding workflows from software supply chain attacks. Every npm, PyPI, and other open source package is checked against real-time threat intelligence before installation.

The problem: AI coding tools install packages without the scrutiny a human would apply. One malicious package can steal AWS keys, GitHub tokens, and API secrets from the environment.

The solution: SafeDep validates every package that the AI suggests within the agent loop before installation. Malicious packages are blocked with clear explanations. Safe packages install invisibly. Zero friction when there's no threat.

Key Features

  • Real-time detection — SafeDep scans packages as they're published to public open source registries, detecting threats in hours, not days
  • Zero friction — Invisible when packages are safe.
  • Broad ecosystem coverage — npm, PyPI, and expanding to more registries

Supported Tools

  • Claude Code
  • Cursor
  • Windsurf
  • Zed
  • Gemini CLI
  • OpenAI Codex
  • Any MCP-compatible IDE

How it works

SafeDep continuously monitors open source package registries such as npm and PyPI for newly published packages. Every package is analysed using a combination of static code analysis and dynamic behaviour analysis, with LLM-based contextual classification of the observed behaviour. This enables real-time detection of malicious packages published to the public registries.

The SafeDep MCP server is wired to this real-time malicious package database, so it can flag supply chain attacks before they are publicly disclosed.
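To make the gate described above concrete, here is an added illustration (not SafeDep's code or API) of what an in-loop pre-install check does: the install command the agent is about to run is parsed into package specs, each spec is looked up in a threat feed, and the install is refused with a reason if anything matches. The feed contents, package names and helper names are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample feed: (package, version) -> reason. "*" means every
# version is flagged. This is not SafeDep's real feed or API.
CONSTRUCTED_THREAT_FEED = {
    ("@asyncapi/example-pkg", "*"): "self-replicating preinstall script",
    ("evil-prettier-config", "9.1.1"): "credential-stealing postinstall hook",
}

# Matches name, name@version, @scope/name and @scope/name@version.
SPEC_RE = re.compile(r"^(?P<name>(?:@[^/@\s]+/)?[^/@\s]+)(?:@(?P<version>\S+))?$")

@dataclass
class Verdict:
    allowed: bool
    blocked: list = field(default_factory=list)  # (name, version, reason)

def parse_install_specs(command: str) -> list:
    """Extract (name, version) pairs from an `npm install ...` command line."""
    tokens = command.split()
    if len(tokens) < 2 or tokens[0] != "npm" or tokens[1] not in ("install", "i", "add"):
        return []
    specs = []
    for tok in tokens[2:]:
        if tok.startswith("-"):  # flags such as --save-dev carry no package
            continue
        m = SPEC_RE.match(tok)
        if m:
            # An unpinned spec resolves to "latest" only at install time; a
            # production gate resolves the concrete version before lookup.
            specs.append((m.group("name"), m.group("version") or "latest"))
    return specs

def lookup(name: str, version: str, feed=CONSTRUCTED_THREAT_FEED):
    """Exact version match first, then a wildcard entry for the package."""
    return feed.get((name, version)) or feed.get((name, "*"))

def gate_install(command: str, feed=CONSTRUCTED_THREAT_FEED) -> Verdict:
    """Allow the install only if no requested package is in the feed."""
    verdict = Verdict(allowed=True)
    for name, version in parse_install_specs(command):
        reason = lookup(name, version, feed)
        if reason:
            verdict.allowed = False
            verdict.blocked.append((name, version, reason))
    return verdict
```

A safe command such as `npm install react` returns an allowed verdict with nothing to report, which is the "invisible when safe" behaviour; a flagged spec returns the package, version and reason so the agent can explain the refusal.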

SafeDep MCP Demo


Get Started

  1. Sign up at app.safedep.io to get a free API key
  2. Connect your AI coding agent to the SafeDep Streamable HTTP endpoint
  3. Continue coding with your agents. No friction, just-in-time protection.

Website: https://safedep.io/mcp
Documentation: https://docs.safedep.io/apps/mcp/overview
