Skip to main content
Dependency guards intercept package install commands during agent runs and check them against a security service before allowing the install to proceed. If a package is flagged as risky, the install is blocked and the agent is told to use a safer alternative.

How It Works

When an agent runs a package install command (e.g., npm install, pip install, cargo add), Jinzo intercepts the command, extracts the package names, and checks them against the configured guard service. If any package fails the security check, the command is denied before it executes. This works across all three agent runtimes:
AgentMechanism
ClaudePreToolUse hook on Bash commands
CopilotPre-tool-use hook on shell/bash tools
CodexDynamic tools check before execution

Supported Ecosystems

Guards detect install commands for multiple package managers:
EcosystemCommands detected
npmnpm install, npm add, yarn add, pnpm add
Pythonpip install, pip3 install
Cargocargo add, cargo install
Gogo get, go install
RubyGemsgem install, bundle add

Socket.dev

Jinzo uses Socket.dev as the guard provider. Socket analyzes packages for supply chain risks, known vulnerabilities, and suspicious behavior.

Setup

1

Get an API key

Create a Socket.dev account and generate an API key from your organization settings.
2

Connect in Jinzo

Go to Settings > Apps and click Connect next to Socket.dev. Enter your API key.
3

Guards activate automatically

Once connected, guards are active for all agent runs. No per-workspace configuration needed.

What Gets Checked

For each package, Socket.dev returns:
FieldDescription
Overall score0-1 health score based on multiple risk factors
Risk levelcritical, high, medium, low, or none
AlertsSpecific security issues (malware, typosquat, etc)
Packages below the minimum score threshold are blocked automatically.