Does the Package Firewall block installation of all versions of a malicious package?
No. The Package Firewall blocks only the specific package versions that Endor Labs flags as malware in its malware database; other versions of the same package install normally.
How does the Package Firewall handle transitive dependencies?
The Package Firewall checks each package individually when the client requests it during installation. If any dependency, direct or transitive, contains malware, the firewall blocks that specific package installation and stops the overall installation process.
Does the Package Firewall slow down package installations?
No. The impact on installation time is minimal.
What happens with package version ranges like `npm install express@^4.0.0`?
The package manager resolves the version range as usual, so the Package Firewall never evaluates the range itself. It checks the resolved version when the client requests it for download. If Endor Labs flags that resolved version as malware, the firewall blocks the installation.
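The two answers above (per-package checks of direct and transitive dependencies, and range resolution before the check) describe one flow: resolve, request, check, recurse. The following is an added simulation of that flow, not Endor Labs code and not the Package Firewall's implementation. The malware database, registry contents and dependency tree are constructed sample data, and every package name in it is hypothetical.

```python
# Added example: simulates resolve-then-check blocking as the FAQ describes it.
# Not Endor Labs code. All package names, versions and the malware database
# below are constructed sample data chosen to exercise the described behaviour.

# Constructed malware database: flags exact (name, version) pairs, never a whole
# package, which is why other versions of "fast-pad" still install.
MALWARE_DB = {
    ("tinycolor-helper", "2.1.0"),
    ("fast-pad", "1.2.2"),
}

# Constructed registry metadata: published versions of each package and the
# caret-range dependencies each version declares, as a package.json would.
REGISTRY = {
    "express": {
        "4.17.1": {"fast-pad": "^1.0.0"},
        "4.18.2": {"fast-pad": "^1.0.0"},
        "5.0.0": {},
    },
    "fast-pad": {
        "1.2.2": {},
        "1.2.3": {"tinycolor-helper": "^2.0.0"},
    },
    "tinycolor-helper": {
        "2.0.4": {},
        "2.1.0": {},
    },
}


class Blocked(Exception):
    """Raised when a requested, resolved version is in the malware database."""

    def __init__(self, name, version, path):
        super().__init__(f"blocked {name}@{version} (via {' > '.join(path)})")
        self.name, self.version, self.path = name, version, path


def parse(version):
    return tuple(int(part) for part in version.split("."))


def resolve_caret(name, spec):
    """Pick the highest published version satisfying ^X.Y.Z (same major, >= X.Y.Z).

    Only caret ranges and exact pins are handled; that is enough to show that the
    check is applied to the resolved version, never to the range string itself.
    """
    published = REGISTRY[name]
    if spec.startswith("^"):
        low = parse(spec[1:])
        ok = [v for v in published if parse(v)[0] == low[0] and parse(v) >= low]
    else:
        ok = [v for v in published if v == spec]
    if not ok:
        raise LookupError(f"no version of {name} satisfies {spec}")
    return max(ok, key=parse)


def install(name, spec, db=MALWARE_DB, path=()):
    """Resolve the range, check the resolved version, then recurse into its deps.

    Returns the (name, version) pairs fetched, in request order. Raises Blocked at
    the first flagged version and fetches nothing further, mirroring the FAQ: each
    package is checked individually when requested, and one hit stops the install.
    """
    version = resolve_caret(name, spec)
    path = path + (f"{name}@{version}",)
    if (name, version) in db:
        raise Blocked(name, version, path)
    fetched = [(name, version)]
    for dep_name, dep_spec in REGISTRY[name][version].items():
        fetched += install(dep_name, dep_spec, db, path)
    return fetched


def try_install(name, spec, db=MALWARE_DB):
    """Return ('ok', fetched) or ('blocked', (name, version, path)) for a request."""
    try:
        return ("ok", install(name, spec, db))
    except Blocked as b:
        return ("blocked", (b.name, b.version, list(b.path)))


if __name__ == "__main__":
    # 'express@^4.0.0' resolves to 4.18.2, which is clean; the install is still
    # blocked two levels down at tinycolor-helper@2.1.0.
    print(try_install("express", "^4.0.0"))
    # fast-pad@1.2.2 is flagged; fast-pad@1.2.3 is not and installs normally.
    print(try_install("fast-pad", "1.2.2"))
    print(try_install("fast-pad", "^1.0.0", db={("fast-pad", "1.2.2")}))
```

The `path` carried through the recursion is what a practitioner wants from a block event: not just which version was refused, but which direct dependency pulled it in, since the fix is usually a pin or override at that level rather than at the flagged package.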