Install gate

Three static checks
on every new dependency.

Attacks like Phantom Gyp (the Miasma worm, June 2026) trigger node-gyp rebuild during install — with no package.json script. xnpm fetches each new tarball from the registry and scans it before handing off to npm.

  • A  PHANTOM_GYP: binding.gyp with <!(...) shell substitution.
  • B  OVERSIZED_DECOY: root index.js much larger than the declared main.
  • C  PHANTOM_GYP_NO_NATIVE_SRC: binding.gyp with no C/C++ sources.

xnpm install · xnpm install --inspect-only
xnpm config trust-scope @scope · xnpm audit --log

xnpm install
$ xnpm install
→ tarball inspection (3 new packages)
  ✓ lodash@4.17.21   PASS
  ⚠ risky-pkg@0.9.0  PHANTOM_GYP
? Continue anyway? (y/N)
→ npm install (blocked on N)

Cache: ~/.xnpm/inspected.json
Audit log: ~/.xnpm/audit.log
Trusted: @x12i, @exellix + user scopes


Threat context

No CVE for the technique.
That is why structural checks matter.

In June 2026, Snyk tracked the Node-gyp Supply Chain Compromise — 57 packages, hundreds of malicious versions, classified as Embedded Malicious Code at Critical severity. That is Snyk's advisory system, not a CVE.

CVEs describe bugs in software. Phantom Gyp abuses gyp's <!(...) substitution — a legitimate feature, not a flaw in npm or node-gyp. Individual packages get npm advisories after the fact; the technique itself does not.

--ignore-scripts blocks lifecycle hooks but does not stop node-gyp rebuild from a weaponized binding.gyp. The reliable fix: scan tarballs before install.

Defense              Phantom Gyp
npm audit            Reactive: after advisories exist
--ignore-scripts     Misses the node-gyp path
npm advisories       Per-package, post-incident
xnpm tarball gate    Structural: catches <!( before install

Would have flagged packages during the ~2h window before advisories existed.


Guarantee

What the install gate guarantees.
And what it doesn't claim.

  • Pre-install tarball inspection: static checks before npm install — cleared packages cached in ~/.xnpm/inspected.json.
  • Interactive block on warnings: CI/non-TTY defaults to abort; overrides logged to ~/.xnpm/audit.log.
  • Integrity-aware cache: republished tarballs at the same version trigger re-inspection.
  • It does not replace npm audit for known CVEs — it adds structural checks advisories cannot cover.
  • It does not scan packages already in node_modules from before this feature existed.
  • It does not sandbox install-time code execution — it blocks before install when possible.