npm Package Search

npm Package Search lets you quickly identify where specific npm packages appear across your organization — from pull requests and repositories to developer machines. When a package is found to be compromised or vulnerable, you can use this feature to understand your blast radius and take targeted remediation steps.

You can search at the organization level or across your entire tenant, depending on your scope of access.

Search Scope

npm Package Search covers two surfaces:

  • CI/CD and Repositories — Identifies where a package was introduced across pull requests and default branches. Results link directly to the PR where the dependency was added, so you can revert or patch it quickly.

  • Developer Machines — Identifies where a package is installed on developer endpoints, including packages installed by AI coding agents and tools. For each match, the search returns the exact file path and package manager used, which you can use to build an MDM or EDR remediation script and verify removal after cleanup.

Supported Ecosystems and Files

npm Package Search inspects the following dependency and lock files across the npm, yarn, and pnpm ecosystems.

Supported Files

  Ecosystem        File                 Description
  npm              package.json         Primary dependency definition file
  npm              package-lock.json    Locked dependency tree generated by npm
  yarn (Classic)   yarn.lock            Locked dependency tree for Yarn v1
  yarn (Berry)     package.json         Dependency definitions for Yarn v2+
  pnpm             pnpm-lock.yaml       Locked dependency tree for pnpm
  pnpm             package.json         Dependency definitions for pnpm

Using npm Package Search

Step 1: Navigate to StepSecurity Dashboard → OSS Package Security → npm Package Search.

Step 2: Configure your search filters.

  • Search Scope — Choose Organization Search to search within your current organization, or Tenant Search to search across all organizations in your tenant.

  • Search Type — Choose Custom Search to specify packages manually, or Compromised Packages Search to focus on known compromised or vulnerable packages.

  • Repository — Optionally narrow results to a specific repository.

  • Seen In — Filter by where the package was detected. Options include All (PRs, Default Branch & Dev Machines), or a specific surface.

  • Time Range — Optionally select a date range to limit results.

Step 3: Add the packages you want to search for.

Enter a package name and, if applicable, one or more specific versions. Click Add Package to add more packages to the same search. Results can be exported as CSV.

Step 4: Run the search and review results.

Matching results show the PRs or developer machines where the package was found. Click any result to view details — for CI/CD results this links to the corresponding pull request; for developer machine results this shows the install path and package manager.

Step 5: Remediate

  • For CI/CD findings, revert the affected PR or patch the dependency directly.

  • For developer machine findings, use the file path information to build a removal script via your MDM or EDR tooling. After running the script, rescan the device to confirm the package is no longer present.
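The files listed under Supported Files can also be checked locally for the same name-and-version match that Steps 3 and 4 describe, for example to confirm a dashboard result before reverting a PR, or to triage a checkout that has not been scanned yet. This is an added example and not StepSecurity's code: the sample file contents in SAMPLE_FILES are constructed, the find_package function is assumed, and the yarn and pnpm parsers cover the common lock-file layouts rather than every edge case.

```python
import json
import re

# Constructed sample manifests and lock files (stand-ins for a repository checkout).
SAMPLE_FILES = {
    "package.json": json.dumps({"dependencies": {"lodash": "^4.17.20"},
                                "devDependencies": {"left-pad": "1.3.0"}}),
    "package-lock.json": json.dumps({"lockfileVersion": 3, "packages": {
        "": {"name": "demo"},
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/left-pad": {"version": "1.3.0"}}}),
    "yarn.lock": 'lodash@^4.17.20:\n  version "4.17.21"\n\nleft-pad@1.3.0:\n  version "1.3.0"\n',
    "pnpm-lock.yaml": "packages:\n\n  lodash@4.17.21:\n    resolution: {integrity: sha512-constructed}\n\n"
                      "  left-pad@1.3.0:\n    resolution: {integrity: sha512-constructed}\n",
}

DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")
# yarn v1 block header (`name@range[, name@range]:`) followed by its `version "x.y.z"` line
YARN_BLOCK = re.compile(r'^"?(@?[^@\s"]+)@[^\n]*:\n\s+version "([^"]+)"', re.M)
# pnpm `packages:` keys: `/name/1.2.3:` (v5), `/name@1.2.3:` (v6) or `name@1.2.3:` (v9)
PNPM_KEY = re.compile(r"^\s+/?(@?[^@/\s]+(?:/[^@/\s]+)?)[@/](\d[^\s:(]*)", re.M)


def find_package(files, name, versions=None):
    """Return (file, version) hits for `name`; restrict to `versions` when given.
    package.json records the declared range while lock files record the resolved
    version, so a version filter normally matches only on lock-file hits."""
    hits = []
    for fname, text in files.items():
        if fname == "package.json":
            data = json.loads(text)
            hits += [(fname, data[s][name]) for s in DEP_SECTIONS if name in data.get(s, {})]
        elif fname == "package-lock.json":
            data = json.loads(text)
            # lockfileVersion 2/3 is keyed by install path, v1 by package name
            hits += [(fname, e.get("version")) for p, e in data.get("packages", {}).items()
                     if p.endswith("node_modules/" + name)]
            hits += [(fname, e.get("version")) for n, e in data.get("dependencies", {}).items()
                     if n == name]
        elif fname == "yarn.lock":
            hits += [(fname, v) for n, v in YARN_BLOCK.findall(text) if n == name]
        elif fname == "pnpm-lock.yaml":
            hits += [(fname, v) for n, v in PNPM_KEY.findall(text) if n == name]
    if versions:
        hits = [h for h in hits if h[1] in set(versions)]
    return hits


if __name__ == "__main__":
    for hit in find_package(SAMPLE_FILES, "lodash", ["4.17.21"]):
        print("%s: lodash %s" % hit)
```

To run it against a real checkout, read each supported file from disk into the same dict shape; the file path and package manager reported for each hit are the same two facts the dashboard gives you for a developer-machine finding.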

For a complete guide to preventing, detecting, and responding to npm attacks, see NPM Supply Chain Security.
