Coverage

What stillrunning blocks, what it doesn't, and why.

Install-time Protection

“Intercepted via wrapper” means stillrunning’s pip/npm command shim (installed on your PATH) scans the package before it installs. Direct OS binaries like /usr/bin/pip run outside that shim, so they show “No” here — the import hook backstops those at runtime (see below).

Attack Vector	Blocked?	Notes
`pip install malicious-pkg`	Yes	Intercepted via wrapper
`pip3 install malicious-pkg`	Yes	Intercepted via wrapper
`python3 -m pip install`	Yes	Intercepted via python3 alias
`pip install -r requirements.txt`	Yes	All packages scanned
`pip download malicious-pkg`	Yes	Intercepted
`pip wheel malicious-pkg`	Yes	Intercepted
`npm install malicious-pkg`	Yes	Intercepted via wrapper (agent v2.13.2+; earlier versions blocked all npm installs without scanning — fail-closed, fixed 2026-06-11)
`/usr/bin/pip install`	No	Direct binary, not intercepted
Virtual env pip	Partial	Requires manual activation
uv / Poetry / pdm / Pipenv / Conda / pixi	Yes	Intercepted via wrapper (agent v2.4.0+)
bun / pnpm	Yes	Intercepted via wrapper (agent v2.4.0+)
Pipx	No	Not intercepted (use import hook)

Why can't we intercept everything?
OS-level pip (/usr/bin/pip) runs outside our PATH override. Virtual environments create their own pip binaries. This is why the import hook exists — it catches everything at runtime.

Runtime Protection (Import Hook)

Attack Vector	Blocked?	Notes
`import malicious_pkg`	Yes	Blocked before execution
`from malicious_pkg import x`	Yes	Blocked before execution
`__import__('malicious_pkg')`	Yes	sys.meta_path catches all
`importlib.import_module()`	Yes	sys.meta_path catches all
Package already installed	Yes	Caught on first import
Obfuscated import	Yes	All imports go through meta_path

Defense in depth.
Even if a package bypasses install-time checks (via /usr/bin/pip, venv, or manual copy), the import hook catches it when the code tries to use it.

What We Check

Check	Method	Speed
Known malicious packages	Local blocklist + threat feed	<1ms
Hash verification	Compare SHA256 against PyPI	~200ms
Typosquatting detection	Edit distance from popular packages	<1ms
AI analysis (unknown packages)	Claude Haiku review	2-5s

Limitations

Not blocked:

Malicious code in legitimate packages (compromised maintainer)
Zero-day attacks before threat feed updates
C extensions or binary blobs (we only analyze Python source)
Packages installed by other tools (Docker, system packages)

Recommended Setup

For maximum coverage, use both layers:

stillrunning --setup — Install-time intercept
stillrunning --install-hook — Runtime import protection

Integration guide →