Maintainers, this is for you. We're partnering with Drydock so maintainers can see exactly what's inside a package before they approve it, catching malware before it ships instead of disclosing it after. Drydock lets you read the actual bytes of a staged release before it goes live, so bad versions get caught at approval rather than in a post-mortem. For npm and PyPI maintainers, Drydock is available at no cost.
Stopping malware before it’s published
The last year has been full of malware attacks on open-source packages. We’ve gotten accustomed to seeing alerts and tweets with another “ALERT! Big malware attack!” Improvements to detection and reporting are important, but by the time we have to disclose, it’s already too late. Package maintainers deserve more support earlier on in this process, to help them detect and prevent problems before they’re in the wild and everyone’s panicking and doing damage control.
npm’s recent announcement of staged publishing is a step in this direction. The update introduces a staging queue, where all package versions wait for a maintainer with 2FA to manually approve publishing. However, while this introduces an opportunity to review, the maintainer can’t see into the prepared package. They can view the version number, but not what the bytes are inside the package or what, if anything, has changed from the current state of the repo.
Aikido is committed to helping maintainers stop malware attacks before they happen. This is why we are partnering with Drydock to make publishing packages safer and staged publishing more useful. If you maintain an npm or PyPI package, Drydock gives you a free way to see what's really in a release before it publishes. Drydock analyzes staged npm packages to show you exactly what changed in the bytes before you approve, so the maintainer doing the approving can finally see inside the prepared package.
For PyPI, which doesn't have staged publishing, Drydock runs the same review inside your release pipeline instead. The same path covers npm packages that publish without staging. Support for additional registries is also coming soon.
How Drydock works
When a new staged version appears, Drydock picks it up, downloads the exact tarball into a short-lived sandbox, diffs it against the last published version, and shows you the report on its dashboard. You see every change, with the security-relevant ones flagged and ranked by severity. Those flags catch what malware relies on, like a new preinstall or postinstall lifecycle script, files that weren't there before, code that spawns a process or reaches out to the network, or an added binary. Each finding is pinned to the line that introduced it, so the review reads as a short list you can scan in seconds rather than a wall of source. You read the findings, then approve the publish step in npm with your own 2FA.
The flow above assumes a staged npm publish. For PyPI, or for an npm package that publishes without staging, Drydock runs as a GitHub Actions environment gate. The release pauses in your pipeline before it reaches the registry. Drydock reviews the built artifact and posts the same diff and severity-ranked findings, and a maintainer approves or rejects in Drydock before anything goes public.
Drydock never publishes anything itself, so you’re not adding a new failure point to the release process. It uses a read-only npm token, just enough to see staged publishes, and it only reads file listings and text: it never runs the package contents. And in the spirit of keeping humans in the loop, a human makes the call every time.
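To make the review described above concrete (diff the staged tarball against the last published version, flag lifecycle scripts, new files, process or network code and added binaries, pin each finding to a line, rank by severity) and the read-only property that the reviewer never executes anything from the package, here is an added example written for this article. It is not Drydock's code and assumes nothing about Drydock's internals: it is a small static checker over two npm tarballs built in memory from constructed sample data (the `tiny-pad` package, `setup.js`, `helper.node` and the severity scale are all made up for the example).

```python
"""Static diff-and-flag review of a staged npm release (added example, not Drydock's code).
Compares the new tarball with the last published one entirely in memory; it only reads
file listings and text, and nothing from the package is executed."""
from __future__ import annotations

import io
import json
import re
import tarfile

SEVERITY = {"high": 3, "medium": 2, "low": 1}  # constructed ranking used to order the report
# Hooks npm runs automatically on install; a new or changed one is the classic foothold.
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare", "prepublish", "prepublishOnly"}
# Constructed heuristics for code that spawns a process or reaches the network.
SOURCE_PATTERNS = [
    ("spawns a process",
     re.compile(r"""require\(\s*['"](?:node:)?child_process['"]\s*\)|\b(?:exec|execFile|spawn)(?:Sync)?\(""")),
    ("reaches out to the network",
     re.compile(r"""require\(\s*['"](?:node:)?(?:https?|net|dns|dgram)['"]\s*\)|\bfetch\(""")),
]

def read_tarball(data: bytes) -> dict[str, bytes]:
    """Return {member path: content} for regular files, without touching the disk."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            if member.isfile():
                files[member.name] = tar.extractfile(member).read()
    return files

def is_binary(content: bytes) -> bool:
    """Heuristic: a NUL byte in the first 8 KiB means this is not text."""
    return b"\x00" in content[:8192]

def text_lines(content: bytes) -> list[str]:
    return content.decode("utf-8", "replace").splitlines()

def line_of(content: bytes, needle: str) -> int | None:
    """1-based number of the first line containing needle, so a finding can be pinned."""
    for lineno, line in enumerate(text_lines(content), 1):
        if needle in line:
            return lineno
    return None

def lifecycle_scripts(files: dict[str, bytes], manifest: str) -> dict[str, str]:
    raw = files.get(manifest)
    scripts = json.loads(raw).get("scripts", {}) if raw else {}
    return {k: v for k, v in scripts.items() if k in LIFECYCLE_HOOKS}

def finding(severity: str, file: str, line: int | None, reason: str) -> dict:
    return {"severity": severity, "file": file, "line": line, "reason": reason}

def scan_lines(path: str, content: bytes, old_lines: set[str]) -> list[dict]:
    """Flag process/network code only on lines that were not in the previous release."""
    found = []
    if is_binary(content):
        return found
    for lineno, line in enumerate(text_lines(content), 1):
        if line in old_lines:
            continue
        for reason, pattern in SOURCE_PATTERNS:
            if pattern.search(line):
                found.append(finding("high", path, lineno, f"code that {reason}: {line.strip()}"))
    return found

def review_release(old_tarball: bytes, new_tarball: bytes) -> list[dict]:
    """Diff new against old; return findings ranked by severity, then file and line."""
    old, new = read_tarball(old_tarball), read_tarball(new_tarball)
    manifest = "package/package.json"
    findings = []
    # 1. Lifecycle scripts that are new, or changed, since the last published version.
    old_hooks, new_hooks = lifecycle_scripts(old, manifest), lifecycle_scripts(new, manifest)
    for hook, cmd in new_hooks.items():
        if old_hooks.get(hook) != cmd:
            findings.append(finding("high", manifest, line_of(new[manifest], f'"{hook}"'),
                                    f"new or changed lifecycle script {hook!r}: {cmd}"))
    # 2. Files that are new, changed, or gone; added binaries are ranked highest.
    for path, content in new.items():
        if path not in old:
            findings.append(finding("high", path, None, "added binary") if is_binary(content)
                            else finding("medium", path, None, "new file"))
            findings.extend(scan_lines(path, content, set()))
        elif content != old[path]:
            findings.extend(scan_lines(path, content, set(text_lines(old[path]))))
    for path in old.keys() - new.keys():
        findings.append(finding("low", path, None, "file removed"))
    findings.sort(key=lambda f: (-SEVERITY[f["severity"]], f["file"], f["line"] or 0))
    return findings

def build_tarball(files: dict[str, str | bytes]) -> bytes:
    """Build an in-memory .tgz so the example runs offline (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            data = content if isinstance(content, bytes) else content.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: a harmless 1.0.0, and a staged 1.0.1 that adds a postinstall hook,
# a helper touching child_process and https, and a native binary.
OLD_RELEASE = build_tarball({
    "package/package.json": json.dumps({"name": "tiny-pad", "version": "1.0.0", "main": "index.js"}, indent=2),
    "package/index.js": "module.exports = (s, n) => s.padStart(n);\n",
})
NEW_RELEASE = build_tarball({
    "package/package.json": json.dumps({"name": "tiny-pad", "version": "1.0.1", "main": "index.js",
                                        "scripts": {"postinstall": "node setup.js"}}, indent=2),
    "package/index.js": "module.exports = (s, n) => s.padStart(n);\n",
    "package/setup.js": "const { execSync } = require('child_process');\n"
                        "const https = require('https');\n"
                        "execSync('node --version');\n",
    "package/helper.node": b"\x7fELF\x00\x00\x01",
})

if __name__ == "__main__":
    for f in review_release(OLD_RELEASE, NEW_RELEASE):
        print(f"[{f['severity']}] {f['file']}:{f['line']} {f['reason']}")
```

Run as a script it prints the six findings for the sample in report order: the added binary and the new `postinstall` hook (pinned to line 6 of `package.json`) first, then the three flagged lines of `setup.js`, then the medium "new file" entry; comparing a release against itself returns nothing. The design point worth noting is that every check is a read over bytes already in memory (tar listing, JSON parse, regex over text), so the reviewer gets the same signal Drydock's report describes without ever running an install script.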
Breaking the malware cycle
When npm and other package managers launched, instant publishing was a feature for ecosystems that could grow quickly because they trusted their members. But today, attackers exploit the speed and ease of publishing to carry out malware attacks.
Staged publishing breaks that pattern by holding the version before it goes live. Drydock makes that hold meaningful, by showing the maintainer exactly what changed while there's still time to say no. The catch happens before download number one, instead of in a post-mortem after the damage is done.
That's the world we want for maintainers. Less waking up to malware disclosures, more finding the problem and stopping it themselves.
Setup is easy and doesn’t cost anything. Turn on npm's staged publishing for your package, connect Drydock to your org with a read-only token, and it starts reviewing staged versions automatically. For the GitHub Actions setup, you just need to link the GitHub app and the environment. Check out Drydock and more on how to get started on their site.