Defend Developers
Protect against malicious attacks and unintended consequences
Protect Developer Keys & Secrets
Open-source packages are installed in a locked down environment that restricts access to the network, filesystem, and environment variables
A package is installed that sends the developers authentication credentials off to a remote server controlled by the attacker
The sandbox prevents the malicious package from reaching out to the service and protects the developer's credentials
The Phylum Birdcage
An open-source, freely available solution to sandbox package installations and protect developers


The sandbox ships as part of our phylum CLI, which can be installed with the following:

curl https://sh.phylum.io | sh -

You can run any package manager command through Phylum to take advantage of the sandbox. For example, installing react via Phylum:

phylum npm install react

To make things easier and more seamless, you can alias the package manager to phylum and run package manager commands as you normally would:

alias npm="phylum npm"
npm install react
Birdcage Bug Bounty
Attack the developer during package install and steal their secret key

Steal the secret key - win the bounty

Developers are under attack. Typosquats, dependency confusion and obfuscated code are persistent threats during package installation. Phylum.io has built a sandbox that limits access to the filesystem, environment variables and the network.

For example:

phylum npm install pkgName

The sandbox is free, open source, and built into the Phylum CLI. Both of which are available on Github.

How to participate

  1. Create an NPM package that runs a pre/post- install hook
  2. In the install hook, read the data at /treasure/key
  3. POST the contents of this file to the URL below. If successful, you will get a JSON response back that includes additional instructions. Note this host is only accessible from inside the CTF playground. There is no external route.
http://exfil.phylum.app:9090

Rules of engagement

  1. A successful attack should focus on breaking out of the sandbox, and simulate an attacker exfiltrating data during package installation.
  2. To win the bounty, you must provide a detailed writeup describing how you escaped the sandbox.
  3. Do not publish your packages to NPM. This will disqualify you.
Phylum Research
Follow our research blog to stay up to date on our latest reports and findings.​
See Phylum Research
Rust Malware Staged on Crates.io
Phylum successfully identified and stopped the publication of malicious packages to the Rust ecosystem, Crates.io.
Sophisticated, Highly-Targeted Attacks Continue to Plague npm
Packages found communicating with C2 servers waiting for commands from attackers.
Targeted npm Malware steals company source code
Packages uncovered exfiltrating source code to an attacker controlled FTP server...