Package Security That Works the Way You Do.
A transparent proxy firewall that fits into your existing workflow — no infrastructure changes, no migration project, no procurement cycle. Set up in 5 minutes, free to start, and scales with your team.
Free plan available. Small Team plan at $49/month. Cancel anytime.
Built for how your team actually ships.
Supply chain attacks don't discriminate by company size. The same typosquats, malicious install hooks, and coordinated burst campaigns that hit large organizations are hitting growing teams just as often — usually with less visibility to catch them.
Hextrap is a transparent proxy firewall — it sits in front of PyPI, npm, and the Go module proxy and enforces your policies before any package reaches a developer machine or CI runner. It works with your existing tools and registries without replacing them.
Real protection for the teams doing the building — not just the ones with dedicated security departments.
Without Hextrap:
- Typosquats reach developer machines silently
- New malicious packages install before anyone notices
- No record of what was installed, when, or by whom
- AI coding agents install packages without review
- CI/CD pipelines pull unvetted dependencies
- Block lists only work after a threat is known

With Hextrap:
- Every install is checked before it lands
- New packages quarantined until your soak window clears
- Full audit log of every install attempt across your team
- AI agent installs governed by the same policies
- Swap one registry credential in CI and every pipeline is protected
- Allow lists let you define exactly what's permitted
No migration. No commitment. No infrastructure changes.
Hextrap is a transparent proxy — it sits between your package manager and the upstream registry. You keep using pip, npm, bun, or Go exactly as you do today. You just point them at Hextrap first.
Create a free account
Sign up with Google or email. No credit card required.
Create a firewall
Name it, choose your registry (PyPI, npm, or the Go module proxy), set your policies.
One config line
Copy your proxy URL and token. Add one line to your pip, npm, or Go config.
Protected
Every install is now scanned, filtered, and logged in real time.
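The "one config line" step above, written out for all three package managers as an added example (not Hextrap's own setup script): pip and Go read the proxy credential from .netrc, npm expands it from an environment variable, so the secret never lands in a file that gets committed. The host, the URL paths and the "token" login name are placeholders and assumptions; use the proxy URL and token your dashboard shows.

```shell
#!/bin/sh
# Added example, not Hextrap's code: point pip, npm and Go at an authenticating
# package proxy. HOST and TOKEN are placeholders; the URL paths and the
# "token" login name are assumptions, substitute the values from your dashboard.

# write_proxy_config DIR HOST TOKEN
# Writes the per-tool config files into DIR (pass "$HOME" for real use).
write_proxy_config() {
  dir=$1; host=$2; token=$3
  mkdir -p "$dir"

  # pip: only the index URL goes into pip.conf; pip reads the credential for
  # that host from ~/.netrc, so no secret sits in the config file.
  # (~/.config/pip/pip.conf on Linux and macOS, %APPDATA%\pip\pip.ini on Windows)
  cat > "$dir/pip.conf" <<EOF
[global]
index-url = https://${host}/simple
EOF

  # npm: registry plus an auth token scoped to that host. npm expands
  # ${PROXY_TOKEN} from the environment at run time, so .npmrc is safe to commit.
  cat > "$dir/.npmrc" <<EOF
registry=https://${host}/
//${host}/:_authToken=\${PROXY_TOKEN}
EOF

  # Go (and pip) take credentials for the proxy host from .netrc.
  # GOSUMDB is left at its default so module checksums are still verified.
  cat > "$dir/.netrc" <<EOF
machine ${host}
login token
password ${token}
EOF
  chmod 600 "$dir/.netrc"

  # Shell environment: GOPROXY selects the Go proxy; PROXY_TOKEN feeds .npmrc.
  # In CI, set these two from the pipeline's secret store instead of a file.
  cat > "$dir/env.sh" <<EOF
export GOPROXY=https://${host}
export PROXY_TOKEN=${token}
EOF
}

# npmrc_holds_plaintext_token DIR TOKEN: succeeds (exit 0) if the secret leaked
# into .npmrc, where it would be committed with the repo. Useful as a pre-commit check.
npmrc_holds_plaintext_token() {
  grep -qF "$2" "$1/.npmrc"
}

# Demo run into a temporary directory so nothing under $HOME is touched.
demo_dir=$(mktemp -d)
write_proxy_config "$demo_dir" proxy.example.invalid REPLACE_WITH_YOUR_TOKEN
cat "$demo_dir/pip.conf" "$demo_dir/.npmrc"
```

For a CI runner, only the last two exports change: GOPROXY and PROXY_TOKEN come from the pipeline's secret store, and the .netrc entry is written at job start from the same secret, which is the single credential swap the page refers to.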
Everything included. No tiered-off features.
The same core protections that matter to large enterprises are available to every Hextrap team — including the free tier.
Malware Detection
Every package is checked against threat intelligence feeds before it ever reaches your machine.
Typosquat Protection
Real-time fuzzy name matching catches packages designed to look like the libraries your team actually uses.
Allow & Deny Lists
Define exactly which packages your team can install. Block everything else (allow list), or block specific packages (deny list).
Soak Time (New Package Quarantine)
Automatically quarantine newly published packages for 1–30 days. Many malicious packages are reported and removed within days of publication, so waiting out that window keeps them off your machines without needing a signature or a block-list entry first.
CI/CD Ready
Works in GitHub Actions, GitLab CI, Jenkins, and any pipeline that runs pip, npm, or Go commands. No plugin required.
Team Management & SSO
Invite teammates, assign roles, and connect your identity provider. Available from the Small Team plan.
Activity Logs
See every install attempt, what was blocked, and why. Full audit trail without digging through build logs.
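The three checks described under Typosquat Protection, Allow & Deny Lists and Soak Time, applied to one install request and producing the kind of record the Activity Logs feature keeps, as an added example. This is not Hextrap's code; the package names, publish dates, edit-distance threshold and the fail-closed handling of an unknown version are constructed assumptions for the illustration.

```python
"""Added example, not Hextrap's code: install-time policy checks (typosquat
fuzzy matching, allow and deny lists, soak-time quarantine) applied to a
constructed package-install request, plus the audit record for it."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional
import re

NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)

# Constructed registry metadata: package -> {version: first publish time}.
# A real proxy would fetch this from the upstream index and cache it.
PUBLISHED = {
    "requests": {"2.31.0": NOW - timedelta(days=400), "2.32.3": NOW - timedelta(days=2)},
    "reqeusts": {"1.0.0": NOW - timedelta(hours=6)},
    "left-pad-utils": {"0.1.0": NOW - timedelta(days=40)},
}


def normalize(name):
    """PyPI name normalization: case-insensitive, and runs of '-', '_' and '.'
    are equivalent. Without this, 'Requests' and 'requests__' would be judged
    as different names and could slip past an allow list."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a, b):
    """Optimal string alignment edit distance: insert, delete, substitute,
    plus a swap of two adjacent characters counted as one edit, so the classic
    transposition typosquat ('reqeusts') sits at distance 1 from 'requests'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


@dataclass
class Policy:
    known: set                        # packages your team actually uses (typosquat targets)
    deny: set = field(default_factory=set)
    allow: Optional[set] = None       # None = no allow list; otherwise only these install
    soak_days: int = 7
    max_edits: int = 2                # assumed threshold: this close to a known name is suspect


def typosquat_target(name, policy):
    """Return the known package `name` is confusable with, or None."""
    if name in policy.known:
        return None
    hits = [(osa_distance(name, k), k) for k in policy.known]
    if not hits:
        return None
    dist, target = min(hits)
    return target if dist <= policy.max_edits else None


def decide(name, version, policy, now=NOW):
    """Return (verdict, reason) for one install request, evaluated in the
    order a proxy would use: explicit lists first, then heuristics."""
    n = normalize(name)
    if n in policy.deny:
        return "block", "on deny list"
    if policy.allow is not None and n not in policy.allow:
        return "block", "not on allow list"
    target = typosquat_target(n, policy)
    if target is not None:
        return "block", f"possible typosquat of {target}"
    first_seen = PUBLISHED.get(n, {}).get(version)
    if first_seen is None:
        # Unknown to the index: this example fails closed and quarantines it.
        return "quarantine", "no publish date known"
    age = now - first_seen
    if age < timedelta(days=policy.soak_days):
        return "quarantine", f"published {age.days} days ago, soak window is {policy.soak_days} days"
    return "allow", f"published {age.days} days ago"


def audit_line(user, name, version, policy, now=NOW):
    """One audit-log record per install attempt: who, what, verdict and why."""
    verdict, reason = decide(name, version, policy, now)
    return {"ts": now.isoformat(), "user": user, "package": name,
            "version": version, "verdict": verdict, "reason": reason}


TEAM_POLICY = Policy(known={"requests", "numpy", "urllib3"}, deny={"left-pad-utils"})

if __name__ == "__main__":
    for req in [("alice", "requests", "2.31.0"), ("ci", "Requests", "2.32.3"),
                ("agent", "reqeusts", "1.0.0"), ("bob", "left-pad-utils", "0.1.0")]:
        print(audit_line(*req, TEAM_POLICY))
```

The ordering matters: a deny-list hit is decided before any heuristic runs, and an allow list turns the typosquat and soak checks into defence in depth rather than the only line, which is why the page recommends allow lists for teams that can enumerate what they use.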
AI Agent Protection (MCP)
Governs what your AI coding assistants (Claude, Copilot, and others) are allowed to install on your behalf, so agent-driven installs pass through the same policies as a developer's.
Transparent pricing. No surprises.
Start free and stay free as long as you need. When your team grows, the Small Team plan unlocks multiple firewalls, SSO, team roles, and priority support — for a flat $49/month.
No storage fees. No egress charges. No procurement cycle. If package security has felt out of reach, it isn't anymore.
Small Team plan, $49/month:
- 5 firewalls
- Up to 10 users
- SSO + team roles
- Priority support
- 14-day free trial
Protect your team today — before the next campaign hits.
Supply chain attacks don't wait for your procurement cycle. Start in 5 minutes.