Malware-free open source dependencies

A malware-free dependency catalog is a curated repository of open source packages that's built from verified source code and protected by layered security controls. The curated repository replaces direct developer access to public registries like npm, PyPI, and Maven Central.

Public registries distribute whatever maintainers publish. While the scale is tremendous, it's impossible to distinguish which packages are safe and which contain malware without additional security tooling. That implicit trust model is how the Axios, LiteLLM, and the Shai-Hulud attacks happened this year. While a CVE wasn't exploited, developer trust in the public registry ecosystem was. A malware-free catalog breaks that assumption before a package is ever available for download.

Chainguard Libraries works in three layers. First, packages are rebuilt from source in a SLSA Level 3-compliant software factory—since 98% of malware has no verifiable source code, malware can't survive the rebuild. Second, packages pass through a configurable cooldown-protected upstream fallback that gates delivery before newly published threats can spread. Third, every package is scanned for malicious behavior before distribution.

Chainguard significantly reduces supply chain attack risk by rebuilding every library from verified source code in tamper-proof environment, preventing malicious code injection at the build and distribution stages. In testing against 3,025 known malicious Python packages from the Backstabber's Knife Collection, Chainguard's rebuilt-from-source approach successfully prevented 98% of these compromised packages from reaching users.

Chainguard also offers additional security controls such as configurable cooldowns and malicious behavior detection to further prevent any risk of malware.

Attackers often compromise the build systems where packages are compiled (injecting malicious code before publication, like the XZ-Utils backdoor) or hijack distribution by stealing developer credentials to upload malicious versions to registries like npm, PyPI, or Maven Central. Because trust is often assumed but never verified from public registries, these attacks spread rapidly through automated dependency updates before they are detected.

"Built from source" means Chainguard rebuilds every library from its original source code repository rather than downloading pre-compiled artifacts from public registries. This creates a trusted, verifiable chain of custody and eliminates the risk of consuming packages that were tampered with during the build or upload. Every library comes with with full provenance proving exactly how, when, and where it was built.

Chainguard Libraries currently supports JavaScript (npm), Java (Maven), and Python (PyPI). Additional language ecosystems are being considered based on customer demand.

Yes. Chainguard Libraries integrates with common artifact managers such as JFrog Artifactory, Sonatype Nexus Repository, and Cloudsmith. Once configured as an upstream source, developers pull trusted dependencies through your existing tools automatically, with no change to your workflows.

Every Chainguard-built package ships with Sigstore signatures (cryptographic proof of authenticity), a signed SBOM (complete inventory of components), and SLSA Level 3 provenance (attestation documenting how and where it was built). These attestations let you verify the origin and integrity of every package, ensuring no tampering occurred between source code and consumption.

No. Libraries appear as just another upstream repository (just like PyPI, npm, Maven Central, NuGet), so developers can use Chainguard Libraries without any operational change. That means your builds and environments work as the same as before—just with signed, verified packages. No new tooling required.

Chainguard backports upstream fixes for critical and high-severity CVEs in popular and highly request Python libraries. This allows you to stay protected while you plan your next version upgrade, eliminating the pressure to immediately migrate to the latest version just to address security issues.

Yes. Chainguard Libraries can be used standalone in any environment (developer machines, CI/CD pipelines, or production) where your code is developed and deployed. However, combining Libraries with Chainguard Containers or VMs provides complete protection across your entire stack, from OS to application dependencies.

FIPS is offered with Chainguard Containers (and related hardened variants), not as a feature of Chainguard Libraries. Use Libraries for the secure dependencies and pair them with FIPS containers/VMs when FIPS-validated cryptography is required.

SLSA (Supply-chain Levels for Software Artifacts) Level 3 is an industry-standard framework that requires builds to be performed on hardened infrastructure with automated provenance generation and additional guarantees that the build platform itself is trustworthy and tamper-resistant. This ensures packages are built in a fully auditable environment where even the build system cannot be compromised. For libraries, this means you get cryptographic proof that each package was built from verified source code without compromise, and that the build environment itself has been hardened against insider threats and infrastructure-level attacks. This prevents supply chain attacks at the build and distribution stages where attackers often inject malicious code.