Portable and language managers
npmverified · 100%
npm install -g lavamoatlocal npm package metadata
npm / rank 786
Install lavamoat
lavamoat is a NodeJS runtime where modules are defined in [SES][SesGithub] Compartments. It aims to reduce the risk of malicious code in the app dependency graph, known as "software supply chain attacks". Version 11.1.3 via npm; verified 2026-05-28.
install
Install with Automic Vault
Automic Vault
sudo av install npm:lavamoatPackage manager source
Platform notes
- No package-specific platform notes were present.
overview
Package summary
lavamoat is a NodeJS runtime where modules are defined in [SES][SesGithub] Compartments. It aims to reduce the risk of malicious code in the app dependency graph, known as "software supply chain attacks".
Homepage
Commands and aliases
- lavamoat
security posture
No protected-tool coverage found yet
No matching local secret-handling manifest was found for lavamoat. Nucleus package metadata is still published here so future coverage has a stable package URL.
Install behavior
- No npm postinstall script is recorded in package metadata.
- No Homebrew bottle metadata was recorded.
- Installs with 11 runtime dependencies.
Recommended review
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
Installed executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
lavamoat | cli | global executable | |
lavamoat-run-command | cli | global executable |
freshness
Version and freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
page generated2026-06-10
manager version11.1.3
manager updated2026-05-28
local dataok
upstreamnot checked
latest detectednot detected
https://github.com/LavaMoat/lavamoat
- infoNo cached GitHub release or tag data was available.https://github.com/LavaMoat/lavamoatnone confidence
install metadata
Package metadata
| Package key | npm:lavamoat |
|---|---|
| Version | 11.1.3 |
| Package manager | npm |
| Package manager page | https://www.npmjs.com/package/lavamoat |
| Homepage | https://github.com/LavaMoat/lavamoat#readme |
| Repository | https://github.com/LavaMoat/lavamoat |
| Upstream docs | https://github.com/LavaMoat/lavamoat#readme |
| License | MIT |
| Source archive | https://registry.npmjs.org/lavamoat/-/lavamoat-11.1.3.tgz |
| Issue tracker | https://github.com/LavaMoat/lavamoat/issues |
| Last updated | 2026-05-28T21:25:39.870Z |
| Published | 2026-05-28T21:25:39.870Z |
| Dependencies | @babel/code-frame, @babel/highlight, @lavamoat/aa, bindings, corepack, htmlescape, lavamoat-core, lavamoat-tofu, node-gyp-build, resolve, yargs |
| Bottle | not recorded |
| npm postinstall | not defined |
| Service | none declared |
registry facts
Source database details
| Source Database | npm registry |
|---|---|
| Dist Tags | |
| Version Count | 99 |
| Maintainers |
|
| Author | kumavis |
| Publisher | GitHub Actions |
| Engines | |
| Integrity | sha512-oemeR9jSZ96Avyg+5ina9qUr7M72IhHwGntTdr5S3AFA2fjQUJVgsgmheFMg+B2iwunBfSmQF4xeaymA3ItkMQ== |
| Shasum | a1d08f61a4dfe8077d6987630fd36618bf1e6315 |
| Unpacked Size | 82,976 |
| File Count | 0 |
| Created At | 2020-03-27T04:53:19.858Z |
| Latest Published At | 2026-05-28T21:25:39.870Z |
| Modified At | 2026-05-28T21:25:40.154Z |
source trail
Generated from repository data
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
Used sources
- Nucleus package database
- cross-ecosystem install command graph
- package relationship graph
- package version freshness
- package-page enrichment