npmguard

NpmGuard: AI agents audit npm packages for malicious code, publish verifiable results on-chain.

Created at: ETHGlobal Cannes 2026

Winner of: ENS - Most Creative Use of ENS, 3rd place

Project Description

NpmGuard is an autonomous security platform that protects developers from malicious npm packages. When a new package version is published on npm, our system automatically fetches it, runs it through a multi-step AI audit pipeline (structural analysis, LLM risk scoring, agentic investigation, and sandboxed exploit testing), then publishes the verdict, score, and full report on-chain using ENS subnames on Sepolia and IPFS via Pinata.

Developers can check any package before installing it. Simply query the ENS registry (e.g. axios.npmguard.eth) to see if the package is safe, what its risk score is, and read the detailed report stored on IPFS.

The platform has two entry points. Monitored packages are audited for free through a Chainlink CRE cron job that checks npm every five minutes. For any other package, developers can trigger an audit on demand through the CLI by paying a small fee (0.01 0G) on the 0G Galileo testnet, either with a private key or by scanning a WalletConnect QR code from their mobile wallet.

Both paths feed into the same audit engine: a TypeScript pipeline running inventory analysis, LLM-powered static analysis with Gemini 2.5 Flash, dynamic exploit generation, and Docker-sandboxed execution. The result is a trust layer for the entire npm ecosystem that any developer or AI agent can query before installing a dependency.

How it's Made

NpmGuard is built as a modular system where each component handles one responsibility and communicates through simple HTTP calls and on-chain reads.

The audit engine is a TypeScript server powered by Hono, exposed as a REST API. When it receives an audit request, it runs the package through four phases. Phase 0 (Inventory) downloads the tarball and performs structural triage, extracting metadata, install scripts, and dependency trees. Phase 1a (Triage) sends the code to Gemini 2.5 Flash via an OpenAI-compatible API to produce a risk score. If the score is high, Phase 1b (Investigation) uses an agentic LLM flow to deeply analyze suspicious patterns, and Phase 1c generates exploit test code. Phase 2 (Sandbox) spins up a Docker container to execute the generated tests in isolation, catching runtime behaviors like unauthorized network calls or filesystem access.

Once the verdict is produced, the engine publishes everything to IPFS through Pinata and writes structured ENS text records on Sepolia. Each audited package gets an ENS subname (e.g. 1-14-0.axios.npmguard.eth) storing the verdict, score, capabilities, report CID, and source CID.
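A minimal sketch of the Phase 0 install-script triage and the subname pattern described above, added here as an illustration and not taken from NpmGuard's code base. The `Manifest` shape, the `inventory` and `auditSubname` names, the regex heuristics and the sample manifest are all assumptions; the page does not say how scoped packages or pre-release versions are mapped to subnames, so this sketch rejects them.

```typescript
// Added example: names and heuristics are assumptions, not NpmGuard's own code.
type Manifest = {
  name: string;
  version: string;
  scripts?: Record<string, string>;
  dependencies?: Record<string, string>;
};

// Lifecycle hooks npm runs automatically when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed heuristics: commands worth escalating to deeper analysis.
const SUSPICIOUS: [string, RegExp][] = [
  ["network", /\b(curl|wget|https?:\/\/)/i],
  ["shell-eval", /\b(eval|bash -c|sh -c|node -e)\b/i],
  ["encoded-payload", /\bbase64\b|Buffer\.from\(/i],
];

function inventory(m: Manifest) {
  const scripts = m.scripts ?? {};
  const hooks = INSTALL_HOOKS.filter((h) => h in scripts).map((hook) => {
    const command = scripts[hook] ?? "";
    const flags = SUSPICIOUS.filter(([, re]) => re.test(command)).map(([flag]) => flag);
    return { hook, command, flags };
  });
  return {
    hooks,
    dependencyCount: Object.keys(m.dependencies ?? {}).length,
    escalate: hooks.some((h) => h.flags.length > 0),
  };
}

// Pattern shown on the page: axios 1.14.0 -> 1-14-0.axios.npmguard.eth
// Assumption: only unscoped, dot-free names and plain x.y.z versions are mapped.
function auditSubname(name: string, version: string): string {
  if (!/^[a-z0-9][a-z0-9-]*$/.test(name)) throw new Error("name mapping not specified");
  if (!/^\d+\.\d+\.\d+$/.test(version)) throw new Error("only plain x.y.z versions handled");
  return `${version.replace(/\./g, "-")}.${name}.npmguard.eth`;
}

// Constructed sample manifest (not a real package).
const sample: Manifest = {
  name: "constructed-sample-pkg",
  version: "2.0.1",
  scripts: { test: "vitest", postinstall: "node -e \"require('https').get('https://example.invalid/c')\"" },
  dependencies: { chalk: "^5.0.0" },
};
console.log(inventory(sample), auditSubname(sample.name, sample.version));
```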

The CLI (npmguard-cli, published on npm) wraps the entire flow for developers. It reads ENS on-chain to check if an audit exists, and if not, handles payment on the 0G Galileo testnet through either a raw transaction or WalletConnect v2 QR code, then triggers the engine and streams results back.

For automated monitoring, we built a Chainlink CRE workflow that runs on the Decentralized Oracle Network. A cron trigger fires every five minutes, fetches the npm registry for monitored packages, reads ENS using the EVMClient (trustless, no RPC dependency), and calls the audit engine for any unaudited version. This means no single server needs to stay online for monitoring to work.

The frontend is a React and Vite dashboard styled with Tailwind CSS. It connects to the engine via Server-Sent Events to stream audit progress in real time, showing each phase as it completes.

On the smart contract side, we wrote a Solidity contract deployed on 0G Galileo, with deploy and verify scripts. The contract handles audit payments and emits events that the engine can listen to.

One notably hacky piece is the sandbox system. Instead of statically analyzing what a package might do, we actually generate Vitest exploit tests tailored to each package and run them inside Docker. This catches real runtime malicious behavior that static analysis would miss, like a package that only phones home during postinstall.
