Install gate

Three static checks
on every new dependency.

Attacks like Phantom Gyp (the Miasma worm, June 2026) trigger node-gyp rebuild during install — with no package.json script. xops fetches each new tarball from the registry and scans it before handing off to npm.

  • A · PHANTOM_GYP: binding.gyp with <!(...) shell substitution.
  • B · OVERSIZED_DECOY: root index.js much larger than the declared main.
  • C · PHANTOM_GYP_NO_NATIVE_SRC: binding.gyp with no C/C++ sources.

xops install · xops install --inspect-only
xops config trust-scope @scope · xops audit --log

xops install
  $ xops install
  → tarball inspection (3 new packages)
    ✓ lodash@4.17.21   PASS
    ⚠ risky-pkg@0.9.0  PHANTOM_GYP
    ? Continue anyway? (y/N)
  → npm install (blocked on N)
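The three structural checks above, implemented over a constructed npm-style tarball as an added example (editor's illustration, not xops's own code). Assumptions: the 10x size ratio for "much larger", the C/C++ extension list, the npm `package/` prefix inside the tarball, and the sample package contents, which are constructed to mirror the risky-pkg@0.9.0 warning in the session.

```python
import io, json, os, posixpath, tarfile, tempfile
NATIVE_EXT = (".c", ".cc", ".cpp", ".cxx")
DECOY_RATIO = 10  # assumption: "much larger" means at least 10x the declared main

def package_files(path):
    """Map path-inside-package -> bytes, dropping npm's leading 'package/' dir (assumed)."""
    files = {}
    with tarfile.open(path, "r:gz") as tar:
        for m in filter(tarfile.TarInfo.isfile, tar):
            files[m.name.split("/", 1)[-1]] = tar.extractfile(m).read()
    return files

def inspect_tarball(path):
    """Return the finding codes (checks A, B, C above) for one tarball."""
    files = package_files(path)
    findings = []
    gyps = [v for k, v in files.items() if posixpath.basename(k) == "binding.gyp"]
    # A: gyp command expansion (<!( or <!@() runs a shell command when gyp evaluates the file
    if any(b"<!(" in g or b"<!@(" in g for g in gyps):
        findings.append("PHANTOM_GYP")
    # B: a root index.js that dwarfs the file package.json declares as main
    meta = json.loads(files.get("package.json", b"{}"))
    main = posixpath.normpath(meta.get("main") or "index.js")
    if main != "index.js" and "index.js" in files:
        if len(files["index.js"]) >= DECOY_RATIO * max(len(files.get(main, b"")), 1):
            findings.append("OVERSIZED_DECOY")
    # C: a binding.gyp with nothing native to compile exists only to trigger node-gyp
    if gyps and not any(k.endswith(NATIVE_EXT) for k in files):
        findings.append("PHANTOM_GYP_NO_NATIVE_SRC")
    return findings

def scan(files):
    """Write a constructed npm-style tarball from a {path: bytes} dict and inspect it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pkg.tgz")
        with tarfile.open(path, "w:gz") as tar:
            for name, data in files.items():
                info = tarfile.TarInfo("package/" + name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        return inspect_tarball(path)

# Constructed sample modelled on the risky-pkg@0.9.0 warning in the session above.
RISKY = {
    "package.json": b'{"name":"risky-pkg","version":"0.9.0","main":"lib/main.js"}',
    "lib/main.js": b"module.exports = 1;\n",
    "index.js": b"// " + b"x" * 4000 + b"\n",
    "binding.gyp": b'{"targets":[{"target_name":"n","variables":{"v":"<!(echo constructed)"}}]}',
}
CLEAN = {"package.json": b'{"name":"tidy","main":"./index.js"}', "index.js": b"module.exports = 2;\n"}  # constructed benign package
```

`scan(RISKY)` trips all three checks while `scan(CLEAN)` returns no findings; a package that ships a binding.gyp together with real `.cc` sources and no `<!(` expansion also passes.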

Cache: ~/.xops/inspected.json
Audit log: ~/.xops/audit.log
Trusted: bundled ~500 packages + ~200 scopes (`@x12i`, `@exellix`, …) + user scopes


Threat context

No CVE for the technique.
That is why structural checks matter.

In June 2026, Snyk tracked the Node-gyp Supply Chain Compromise — 57 packages, hundreds of malicious versions, classified as Embedded Malicious Code at Critical severity. That is Snyk's advisory system, not a CVE.

CVEs describe bugs in software. Phantom Gyp abuses gyp's <!(...) substitution — a legitimate feature, not a flaw in npm or node-gyp. Individual packages get npm advisories after the fact; the technique itself does not.

--ignore-scripts blocks lifecycle hooks but does not stop node-gyp rebuild from a weaponized binding.gyp. The reliable fix: scan tarballs before install.

Defense              Phantom Gyp
npm audit            Reactive — after advisories exist
--ignore-scripts     Misses the node-gyp path
npm advisories       Per-package, post-incident
xops tarball gate    Structural — catches <!( before install

The tarball gate would have flagged these packages during the ~2h window before advisories existed.


Guarantee

What the install gate guarantees.
And what it doesn't claim.

  • Pre-install tarball inspection: static checks before npm install — cleared packages cached in ~/.xops/inspected.json.
  • Interactive block on warnings: CI/non-TTY defaults to abort; overrides logged to ~/.xops/audit.log.
  • Integrity-aware cache: republished tarballs at the same version trigger re-inspection.
  • It does not replace npm audit for known CVEs — it adds structural checks advisories cannot cover.
  • It does not scan packages already in node_modules from before this feature existed.
  • It does not sandbox install-time code execution — it blocks before install when possible.

Security posture — in progress

Scanners stay separate.
Findings become part of the operating contract.

xops already protects install and publish paths. The expanded security story is not that xops replaces scanners. It is that xops detects the supported scanners and makes their status part of repository operations.

Supported security scope

xops does not require every scanner. It reports what exists, recommends only relevant missing gates, and blocks only when policy says a gate is required.