The npm supply chain in 2026 — lockfiles, sigstore, Socket, and the attacks we've seen
May 26, 2026 · 1 min read · by Sudhanshu K.
npm is the largest software supply chain in the world and, by a wide margin, the most-attacked. The pattern is consistent: a maintainer's account gets compromised (or sold), a malicious version of a popular package is published, the autoupdate machinery in millions of pipelines pulls it down within hours, and somewhere a thousand teams find out about it the same week.
There are a small number of controls that materially change attacker economics here. We ship all of them on every managed Node.js stack.
Lockfile + provenance verification in CI
# Refuse to install if lockfile is out of sync
npm ci --strict-peer-deps
# Verify package provenance (introduced 2023)
npm audit signatures
# Third-party scan — catches malicious-package patterns audit misses
npx socket@latest scan

npm ci (not npm install) is the entry point. It refuses to deviate from package-lock.json and fails fast on a manipulated lockfile. npm audit signatures verifies sigstore-backed provenance attestations from the package author.
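npm ci installs exactly what package-lock.json records, so it helps to review what the lockfile records before it runs. The following is an added example, not code from the original article: a small Node.js lint that flags lockfile entries resolved from an unexpected host or lacking a sha512 integrity hash, and high-risk dependencies declared with a range instead of an exact version. The function names, the allowed registry host, the high-risk list and the sample data are all assumptions made for illustration.

```javascript
// Added example: lint a parsed package-lock.json (lockfileVersion 2 or 3).
// All names and sample data here are constructed for illustration.
const ALLOWED_HOST = "registry.npmjs.org"; // assumption: public registry only

function lintLockfile(lock, allowedHost = ALLOWED_HOST) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links/sources and bundled deps,
    // which legitimately carry no resolved/integrity fields.
    if (!path.includes("node_modules/") || pkg.link || pkg.inBundle) continue;
    let url = null;
    try { url = new URL(pkg.resolved); } catch { /* missing or malformed */ }
    if (!url || url.protocol !== "https:" || url.host !== allowedHost) {
      findings.push(`${path}: unexpected source ${pkg.resolved}`);
    }
    if (!/^sha512-/.test(pkg.integrity || "")) {
      findings.push(`${path}: missing or non-sha512 integrity`);
    }
  }
  return findings;
}

// Flag high-risk dependencies declared with a range (^, ~, *, >=, tags).
function unpinned(pkgJson, highRisk) {
  const deps = { ...pkgJson.devDependencies, ...pkgJson.dependencies };
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  return highRisk
    .filter((name) => name in deps && !exact.test(deps[name]))
    .map((name) => `${name}: "${deps[name]}" is not an exact version`);
}

// Constructed sample input (not real packages or hashes).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-a": {
      resolved: "https://registry.npmjs.org/example-a/-/example-a-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/example-b": {
      resolved: "http://mirror.example.test/example-b-2.0.1.tgz",
      integrity: "sha1-CONSTRUCTED",
    },
  },
};
const samplePkg = { dependencies: { "example-a": "1.3.0", "example-b": "^2.0.0" } };

console.log([...lintLockfile(sampleLock), ...unpinned(samplePkg, ["example-a", "example-b"])]);
```

In a pipeline, pass the parsed package-lock.json and package.json to these functions ahead of npm ci and fail the job when either returns a non-empty list.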
The full write-up covers:
- The four attack classes we've actually seen on customer engagements
- Lockfile discipline — including transitive lockfile minification
- The sigstore + provenance flow npm rolled out in 2023 — and how to enforce it
- Socket.dev and Snyk as complementary scanners
- Pinning by exact version (no ^, no ~) for high-risk dependencies
- The internal mirror / Verdaccio caching layer for air-gapped builds
- Incident response playbook for "popular package compromised this morning"
We ship these controls on every managed Node.js stack.