whatisgithub

What is npm-age-checker-proxy?

jason-snell/npm-age-checker-proxy — explained in plain English

Analysis updated 2026-05-18

0C#Audience · ops devops

In one sentence

A lightweight C# proxy that blocks npm package installs unless the package is at least 30 days old, guarding against fresh malicious uploads.

Mindmap

mindmap
  root((repo))
    What it does
      Blocks new npm packages
      Age threshold check
      Forwards other requests
    Tech stack
      C sharp
      Single binary
    Use cases
      Supply chain defense
      Self hosted gate
      CI protection
    Audience
      DevOps teams
      Security minded devs
    Setup
      Edit hosts file
      Set registry config
      Run executable

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run a self-hosted proxy that rejects npm packages published too recently.

USE CASE 2

Add a supply-chain safety net for a team's local or CI npm installs.

USE CASE 3

Redirect npm registry traffic through a custom age-check gate.

What is it built with?

C#.NET

How does it compare?

jason-snell/npm-age-checker-proxyanulman/docx-saxatrblizzard/vtmb-sbox-mounter
Stars000
LanguageC#C#C#
Setup difficultymoderatemoderate
Complexity4/53/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

So what is it?

npm-age-checker-proxy is a small network proxy that protects developers from a common type of supply chain attack by blocking newly published packages from being installed. The attack it defends against works like this: a bad actor publishes a malicious package to the npm registry (the central repository where JavaScript packages are distributed), either under a confusingly similar name to a popular package or by compromising an existing one. Because the malicious package is brand new, many developers' machines will install it before security researchers have had time to detect and flag it. This proxy sits between your development machine and the npm registry. When you run a package installation command, the proxy intercepts the request, checks how long ago that specific package version was published, and blocks the installation if the package is younger than a configurable minimum age. By default the threshold is 30 days. Packages older than that are forwarded to the real registry and installed normally. If a package is too new, you get a clear error message explaining why it was blocked and how many days old it actually is. Setting it up involves running the proxy as a service, then redirecting your machine's npm traffic to go through it, either by editing a system hosts file or by pointing npm at a local registry address. The minimum age threshold is controlled by a single environment variable. It is built in C# as a single binary with minimal overhead, and works with any npm client.

Copy-paste prompts

Prompt 1
Help me set up this hosts file redirect on macOS or Linux instead of Windows.
Prompt 2
Show me how to configure MIN_AGE_DAYS and run this proxy as a background service.
Prompt 3
Explain how this proxy checks a package's publish time before allowing an install.
Prompt 4
Write a script to point our CI pipeline's npm config at this proxy automatically.

Frequently asked questions

What is npm-age-checker-proxy?

A lightweight C# proxy that blocks npm package installs unless the package is at least 30 days old, guarding against fresh malicious uploads.

What language is npm-age-checker-proxy written in?

Mainly C#. The stack also includes C#, .NET.

Who is npm-age-checker-proxy for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.