We build a firewall for your software supply chain
Upwarden sits between your package managers and the public registry, stripping malicious versions before they ever reach your code — and quietly resolving to the last safe one, so your build stays green.
Supply-chain attacks are no longer rare
Trusted packages get compromised every few weeks. A maintainer is phished, an account is taken over, or a known-vulnerable release keeps flowing into builds. The attack reaches you the moment a package manager resolves a poisoned version — long before any human reviews it.
The problem
Nothing stands between the resolver and the registry. Cached artifacts, transitive dependencies and freshly-poisoned releases all reach the build before anyone can react.
Our approach
Replace the registry instead of wrapping a command. Every version is checked against advisory feeds and a structural-similarity scanner that catches novel malware — at any dependency depth, including transitive.
Without breaking builds
Bad versions are stripped from the manifest and the range silently resolves to the last safe one. Run it managed in minutes, or self-host inside your perimeter with zero telemetry.
Builders behind Upwarden
A small, focused team building supply-chain security that developers actually keep switched on.
David Ashwood
David founded Upwarden to fix how software packages are trusted by default during installation — a dependency firewall that strips malicious versions before they ever reach a build, without breaking it. He writes and speaks regularly on supply-chain threats: compromised maintainer credentials, account takeovers, and the case for quarantining newly-published versions before they reach build environments. Before Upwarden, he was CTO at Agoro Carbon Alliance, building technology for sustainable agriculture. Based in Berlin. Connect on LinkedIn →
The team is growing — get in touch if you'd like to help build it.
Who operates Upwarden
Upwarden is operated by Agentic Discovery Solutions Ltd, a company registered in the United Kingdom (company No. 16609866), trading as Upwarden.
Full provider identification and registered-office details are set out in the Impressum. How we handle data is described in our Privacy & GDPR notice, and the terms of use in our Terms of Service.
Talk to the people building it
Want a walkthrough, or have a question about deploying Upwarden in your org? Book a demo or contact us and a real person will get back to you.
Found a security issue? Report it responsibly to security@upwarden.io.