More Resources

Package Traffic Controller

Eliminate Shadow Package Downloads

Create a safety perimeter around your organization. Ensure your developers, agents, and AI users have monitored, secured, and uninterrupted access to third-party components.

THE CHALLENGE

Developers and agents bypass secure download methods.

Bad actors have shifted from attacking production systems to poisoning the third-party components developers and AI agents consume daily. Allowing direct access to public registries creates a visibility and control gap that puts you at risk.

THE SOLUTION

Automatically route artifact traffic through your secure system of record.

Available with JFrog Curation, Package Traffic Controller eliminates OSS and dependency download blind spots, ensuring software components are brought in via your software supply chain system of record where they can be logged, tracked, and vetted for compliance and security before use.


HOW IT WORKS

Package Traffic Controller how it works diagram

 

PACKAGE TYPES AND CLIENTS SUPPORTED

  • npm – npm, yarn, pnpm
  • PyPI – pip, uv, poetry, pipenv
  • Hugging Face
  • Docker / OCI
  • Additional package registries coming soon
 BENEFITS 

  • A complete system of record: Every artifact used is logged and auditable.
  • Protect your organization: Proactively block malicious and non-compliant artifacts.
  • Frictionless, continuous flow: “Invisible” rerouting and compliant version serving.

The Leading Platform for Software Supply Chain Governance

JFrog is trusted by DevSecOps organizations globally to manage, secure, and govern the building blocks of all their mission-critical applications at scale.

For more information about how you can gain all the benefits of Package Traffic Controller with JFrog Curation and the entire JFrog Software Supply Chain Platform, feel free to take an online tour, schedule a one-on-one demo or visit our help center at your convenience.

Trusted Releases Built For Speed

Start Free