Supply Chain Security SOP

Context

Supply chain attacks on package registries (npm, PyPI) are increasing, particularly targeting AI/ML tooling. axios 1.14.1 and litellm 1.82.8 were both compromised within the same week (March 2026). This SOP defines how we manage package dependencies safely.

Package Managers (Standardized)

Language	Package Manager	Lockfile
Python	uv (not pip/pip3)	uv.lock
JavaScript	npm (with lockfile)	package-lock.json
Bun projects	bun	bun.lock
System tools	Homebrew	Brewfile.lock.json

Rules

Never Do

pip install anything — always use uv
npm update -g or npm install -g without founder approval
Delete and regenerate lockfiles (that’s when compromised versions get pulled in)
Install packages with floating version ranges in production
Auto-update dependencies in the restart script (claude update and plugin update are managed by Anthropic and are fine)

Always Do

Pin exact versions in lockfiles
Check release date before upgrading — prefer packages with releases older than 7 days
Review changelogs and release notes before updating
Audit new dependencies before installing: check download counts, maintainer history, and security advisories
Flag any new package installs to the founder before executing

Before Updating Any Package

Check the package’s latest release date — if < 7 days old, wait
Check Socket.dev or GitHub Advisory Database for known issues
Review the changelog — does the update make sense? Unexpected new dependencies are a red flag
Update in isolation, test, then commit the lockfile

Homebrew

Don’t run brew upgrade blindly — it upgrades everything
Use brew upgrade <specific-package> for targeted updates
Consider brew pin <package> for critical tools we don’t want auto-upgraded
Homebrew formulae are code-reviewed by maintainers, lower risk than npm/PyPI, but not zero
Cask apps (GUI applications) auto-update themselves — harder to control

Currently Pinned (recommended)

brew pin tmux
brew pin node

Monitoring

Periodically check installed packages against known compromises
Watch for unusual new transitive dependencies in lockfiles after updates
Subscribe to security advisories for critical packages

Incident Response

If a compromised package is found on the machine:

Check exact installed version — is it the affected version?
Check for the malicious payload (e.g., specific files, suspicious dependencies)
If compromised: uninstall immediately, audit for artifacts in temp directories
Notify founder
Document in vault under 06-reference/security-incidents/