3pm
Live on Base Sepolia · 2026

npm, but trustless.

Every release signed on-chain by multiple maintainers.
One compromised key is never enough.

then 3pm publish · 3pm approve · 3pm install

800% rise in supply chain attacks since 2020
17,954+ malicious packages removed in 2023
$46B estimated annual industry damage

Supply chain incidents

The npm ecosystem is under attack.

These aren't hypothetical risks. Every incident below used an attack vector that 3pm's multi-sig threshold and on-chain attestation would have blocked.

CRITICAL · xz-utils · 2024
Maintainer takeover

A two-year stealth compromise nearly backdoored OpenSSH across all major Linux distributions — discovered days before widespread deployment.

Impact: Billions of servers · blocked by 3pm

CRITICAL · polyfill.io · 2024
Domain hijack

Domain sold to a Chinese CDN company; 100,000+ websites were instantly delivering malware to their visitors with no code changes.

Impact: 100k+ websites · blocked by 3pm

CRITICAL · ua-parser-js · 2021
Credential theft

Attacker used stolen npm credentials to push a trojaned version that silently installed a cryptominer and exfiltrated passwords.

Impact: 8M weekly downloads · blocked by 3pm

CRITICAL · event-stream · 2018
Maintainer handoff

Original author transferred the package to a stranger; malicious code targeting Copay Bitcoin wallets ran undetected for months.

Impact: 2M weekly downloads · blocked by 3pm

HIGH · node-ipc · 2022
Protestware

Maintainer added logic to wipe files on systems with Russian or Belarusian IPs, silently deployed to all vue-cli users.

Impact: vue-cli ecosystem · blocked by 3pm

HIGH · colors + faker · 2022
Intentional sabotage

Maintainer deliberately published broken versions outputting gibberish, disrupting thousands of CI pipelines in a single morning.

Impact: Thousands of pipelines · blocked by 3pm

HIGH · eslint-scope · 2018
Credential theft

Stolen credentials used to publish a version that silently harvested npm auth tokens from every developer who ran it.

Impact: Developer credentials · blocked by 3pm

HIGH · left-pad · 2016
Unpublish cascade

A 17-line package was unpublished in a dispute, instantly cascading into a global npm outage that broke React, Babel, and thousands of apps.

Impact: Global npm outage · blocked by 3pm

Architecture

Zero-trust publishing, every time.

Every release flows through cryptographic approval before a single byte touches npm. No single person can unilaterally publish.

01

Developer proposes

3pm publish

The CLI computes a deterministic SHA-512 digest from the tarball, snapshots the current nonce for replay protection, and submits a pending release to the backend — nothing goes to npm yet.

02

Maintainers sign

3pm approve <id>

Each authorized maintainer receives the EIP-712 typed-data payload and signs it locally with their wallet. Keys never leave their machine. Signatures are validated off-chain before submission.

03

Threshold reached

M-of-N collected

Once the required number of valid signatures are collected, the backend verifies authorization against the NameRegistry contract and confirms the nonce has not been replayed.

04

On-chain attestation

Base Sepolia tx

The relayer submits a single on-chain transaction that permanently records the release: package name, version, CID, integrity hash, and nonce — immutable and queryable forever.

05

npm publish

after confirmation

Only after the chain transaction confirms does the backend execute the actual npm publish. The package goes live on npm with a cryptographically verifiable on-chain record.

06

Install verifies

3pm install pkg@ver

When a user installs, 3pm fetches from npm, recomputes the digest locally, and checks it against the on-chain attestation. Any mismatch halts the install with a clear warning.

What's novel

Not a registry replacement. A trust layer.

3pm sits on top of npm. Your toolchain stays the same — you just gain cryptographic proof that every release is legitimate.

Multi-sig governance

EIP-712

M-of-N maintainer threshold. One compromised key is never enough. The owner controls team membership; maintainers control releases.

On-chain attestation

Base Sepolia

Every release is permanently recorded on Base L2 — immutable, queryable, and tamper-evident from day one.

Integrity verification

sha512

SHA-512 digest computed locally and anchored on-chain. Install-time verification catches any in-transit tampering.

Replay protection

nonce

Per-package nonces invalidate stale signatures automatically. An old approval can never be replayed against a new release.

Non-custodial signing

self-sovereign

No passwords, no accounts, no trust in a third-party server. Your keys, your packages — sign from any EVM wallet.

npm compatible

drop-in

Not a fork. Not a replacement. A trust layer that works with the existing npm registry and your existing workflow.

Comparison

How 3pm compares

Existing solutions leave critical gaps. Sigstore adds provenance but no governance. 2FA helps but one key is still enough. 3pm fills every row.

Feature · npm default · npm 2FA · Sigstore provenance · 3pm

Multi-sig releases
On-chain attestation
Install-time verification (partial)
Replay protection
Maintainer governance
Non-custodial signing (partial)
Tamper-evident history (partial)
Threshold approval

On-chain registry

Recently published

No packages published yet.

Secure your packages today.

One command to install. Every future release verified on-chain, automatically.

$ npm install -g @3pm/cli

Base Sepolia · open source · non-custodial