This week's tip of the week is Socket Firewall Free.

I’ve been using Socket’s GitHub app in my OSS projects, but for some reason, I wasn’t using Socket’s firewall locally.

Sébastien Lorber, who runs the excellent React newsletter This Week In React (subscribe if you live in React), shared his local setup for this. It’s worth sharing beyond the React ecosystem because npm supply chain attacks keep getting worse.

The setup is simple:

npm install -g sfw

# add these to your shell profile
alias npm="sfw npm"
alias npx="sfw npx"
alias pnpm="sfw pnpm"
alias yarn="sfw yarn"
alias bun="sfw bun"

Now your package manager commands run through Socket Firewall first.

So instead of blindly running npm install, npx some-random-cli, or pnpm add whatever, Socket Firewall Free can block known malware before it hits your machine.
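As an added example (not from the newsletter or from Socket), here is the same setup written as shell functions instead of aliases, keeping the `sfw <tool> ...` invocation shown above and adding a fail-closed check and a self-test. `SFW_BIN`, `SFW_TOOLS` and the function names are this example's own, not part of sfw.

```shell
# Source this from your shell profile. Assumes the `sfw <tool> ...` invocation
# shown above; SFW_BIN, SFW_TOOLS and the function names are this example's own.
SFW_BIN="${SFW_BIN:-sfw}"          # Socket Firewall binary (override to test or pin a path)
SFW_TOOLS="npm npx pnpm yarn bun"  # package managers to route through it

# Print the exact command line that will run, one argument per line.
sfw_cmdline() {
  printf '%s\n' "$SFW_BIN" "$@"
}

# Run a tool through sfw. If the binary is missing, refuse with a clear message
# and exit status 127 rather than the shell's bare "command not found".
sfw_run() {
  if ! command -v "$SFW_BIN" >/dev/null 2>&1; then
    printf 'sfw: %s not found; refusing to run %s unguarded\n' "$SFW_BIN" "$1" >&2
    return 127
  fi
  "$SFW_BIN" "$@"
}

# Define one wrapper function per tool, e.g. npm() { sfw_run npm "$@"; }.
# Functions, unlike aliases, also expand in non-interactive bash.
sfw_install_wrappers() {
  for tool in $SFW_TOOLS; do
    eval "${tool}() { sfw_run ${tool} \"\$@\"; }"
  done
}

# Self-check: return 0 when <tool> now resolves to a wrapper function, not a binary.
sfw_is_wrapped() {
  case "$(command -V "$1" 2>/dev/null)" in
    *function*) return 0 ;;
    *) return 1 ;;
  esac
}

sfw_install_wrappers
# Verify: for t in $SFW_TOOLS; do sfw_is_wrapped "$t" || echo "$t not wrapped"; done
```

Run `sfw_cmdline npm install <pkg>` to see exactly what a wrapped call will execute before trusting it.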

(Screenshot: Socket Firewall Free in action)

Socket Firewall Free is free, as the name implies, for both open source and commercial use, which makes it an easy win for local development machines.

As I mentioned, they also offer a GitHub integration and team features for CI/CD workflows.

This is a no-brainer to set up locally.

That's it! Short and sweet. Until the next one!

Update 2026-06-01 11:04am: Thanks to one of our subscribers for this heads-up. Telemetry is not configurable in Socket Firewall Free: it collects anonymous telemetry. Socket Firewall Enterprise lets you configure telemetry collection.
