# Install sfw with npm

Socket Firewall wrapper that verifies latest release and then runs npm with original args. Version 2.0.6 via npm; verified 2026-05-22.

## Install

```sh
sudo av install npm:sfw
```

Additional install commands:

### Portable and language managers

- npm (100%):

```sh
npm install -g sfw
```

  Evidence: local npm package metadata

## Package facts

- **Package key:** npm:sfw
- **Package manager:** npm
- **Package manager page:** <https://www.npmjs.com/package/sfw>
- **Version:** 2.0.6
- **Source summary:** Socket Firewall wrapper that verifies latest release and then runs npm with original args.
- **Homepage:** <https://github.com/SocketDev/sfw-installer#readme>
- **Repository:** <https://github.com/SocketDev/sfw-installer>
- **Upstream docs:** <https://github.com/SocketDev/sfw-installer#readme>
- **License:** MIT
- **Source archive:** <https://registry.npmjs.org/sfw/-/sfw-2.0.6.tgz>
- **Issue tracker:** <https://github.com/SocketDev/sfw-installer/issues>
- **Published:** 2026-05-22T16:42:22.828Z
- **Last updated:** 2026-05-22T16:42:22.828Z
- **Generated:** 2026-07-10T07:20:53+00:00

## Executables

- sfw (cli)
- sfw (alias)

## Dependencies

- graceful-fs
- proper-lockfile
- retry
- signal-exit
- yocto-spinner

## Build dependencies

- @biomejs/biome
- @types/node
- @types/proper-lockfile
- esbuild
- proper-lockfile
- typescript
- yocto-spinner

## Install behavior

- Post-install hook: not defined
- Bottle: not available

## Freshness

- Page generated: 2026-07-10
- Package-manager version: 2.0.6
- Package-manager updated: 2026-05-22
- Local data: ok
- Upstream repository: https://github.com/SocketDev/sfw-installer
- info: No cached GitHub release or tag data was available.

## Security Notes

No matching local secret-handling manifest was found for sfw. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** npm registry
- **Dist Tags:** Latest: 2.0.6
- **Version Count:** 6
- **Maintainers:** feross, socket-bot
- **Publisher:** GitHub Actions
- **Engines:** Node: >=20
- **Integrity:** sha512-qzAjx9DjG/gCHo+UO6S6Kd4bl0NYltnQBQzCV34BvQr0GLfvtqTWveiVI2kA2oh/yFCfe+2q60SpNj+AyUg5fQ==
- **Shasum:** 46255716da37da965a94bfbb2142b6f4b1758064
- **Unpacked Size:** 75,564
- **File Count:** 0
- **Created At:** 2017-06-11T15:38:07.377Z
- **Latest Published At:** 2026-05-22T16:42:22.828Z
- **Modified At:** 2026-05-22T16:42:23.111Z


## Related links

- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched curated package taxonomy and local package facts.
- [snyk-delta](https://www.automicvault.com/pkg/npm/snyk-delta/) - Security-sensitive metadata or terminology overlaps. Shared terms: analysis, cli, security, static, static-analysis.
- [snyk-nodejs-lockfile-parser](https://www.automicvault.com/pkg/npm/snyk-nodejs-lockfile-parser/) - Security-sensitive metadata or terminology overlaps. Shared terms: analysis, cli, lockfile, security, spinner.
- [snyk-to-html](https://www.automicvault.com/pkg/npm/snyk-to-html/) - Security-sensitive metadata or terminology overlaps. Shared terms: analysis, cli, security, static, static-analysis.

## Sources

- Nucleus package database
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
