NPM Package Search

The NPM Package Search page provides visibility into all npm packages that have been installed or used on developer machines.

This includes packages installed by human developers as well as packages installed by tools or AI coding agents.

The NPM Package Search page supports both targeted searches and incident-driven investigations. You can:

  • Search for specific packages and versions

  • Filter by device, user, or time range

  • Search based on known supply chain incidents, such as compromised packages or specific attack campaigns

This makes it easier to quickly identify exposure during a supply chain incident.

Package Locations on Developer Machines

For each package match, Developer MDM shows the exact location where the package exists on the developer machine.

This includes:

  • Package manager used (for example, npm or yarn)

  • Project paths where the package is installed

This information is critical for remediation, especially during active supply chain incidents.

Remediation and Verification

Using the package location information, you can create an MDM or EDR script to remove the affected packages from developer machines.

After the package is removed, you can rescan the device and verify that the package is no longer present.
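
The script below is an added example of such a removal script, not code shipped with Developer MDM. It assumes you pass in the package name, the affected version, and the project paths copied from the package location view; `example-pkg` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: remove one known-bad npm package version from listed projects.
# Usage: remediate.sh <package> <bad-version> <project-path>...
# The package name, version and paths are inputs you supply from the
# package location view; nothing here calls a Developer MDM API.

# Print the version recorded in <project>/node_modules/<pkg>/package.json.
installed_version() {
    manifest="$1/node_modules/$2/package.json"
    [ -f "$manifest" ] || return 1
    # Assumption: the first "version" key in the manifest is the package's own.
    grep -o '"version"[[:space:]]*:[[:space:]]*"[^"]*"' "$manifest" |
        head -n 1 | sed 's/.*"\([^"]*\)"$/\1/'
}

# Remove the package from one project only if the installed version matches.
# Prints: removed | absent | kept:<version> | invalid
remove_if_affected() {
    project=$1 pkg=$2 bad=$3
    # Refuse names that could escape node_modules (scoped names like @a/b are fine).
    case "$pkg" in
        ''|/*|*..*) echo invalid; return 2 ;;
    esac
    ver=$(installed_version "$project" "$pkg") || { echo absent; return 0; }
    if [ "$ver" = "$bad" ]; then
        rm -rf -- "$project/node_modules/$pkg"
        echo removed
    else
        echo "kept:$ver"
    fi
}

# Process every project path, then re-check each one; a non-zero return
# means the bad version is still present somewhere.
remediate() {
    pkg=$1 bad=$2; shift 2
    failed=0
    for project in "$@"; do
        status=$(remove_if_affected "$project" "$pkg" "$bad") || failed=1
        printf '%s\t%s\n' "$project" "$status"
        if [ "$(installed_version "$project" "$pkg")" = "$bad" ]; then
            failed=1
        fi
    done
    return "$failed"
}

if [ "$#" -ge 3 ]; then remediate "$@"; fi
```

Removing the directory does not change the project's lockfile, so a later `npm install` can restore the same version. Update the dependency or lockfile as part of remediation before rescanning.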

Upcoming Capabilities

The following capabilities are currently in development and will be available in a future release:

  • Package allowlists to define which npm packages are permitted across developer machines

  • Cooldown periods for new package versions, preventing newly published updates from being installed until they have been evaluated
