SCDLP — Supply Chain DLP for macOS
Supply Chain DLP for your secrets
Protect your .env files, cloud keys, SSH & GPG keys, and API tokens from supply-chain attacks. Every app that tries to read a secret needs your one-time approval, so a compromised dependency or rogue AI agent can't exfiltrate what it can't read.
The supply-chain secret leak
Developers are under constant threat from untrusted code. Every day your machine runs thousands of packages — and their transitive dependencies — written by unverified authors, each free to read any file you can. One poisoned dependency, build script, or AI agent is all it takes to ship your credentials to an attacker.
postinstall hooks
npm / pip / cargo / gem run arbitrary scripts on install. The classic payload reads ~/.aws/credentials, ~/.npmrc, .env and phones home.
AI agents & terminals
Agentic tools scan your working directory for "context", sweeping up .env files and cloud tokens you never meant to share.
No visibility
By default macOS lets any process you run read any file you can. You never even see it happen, until the breach notification arrives.
Protects you from worms like Shai-Hulud
In September 2025, Shai-Hulud became the first self-replicating worm on npm. A trojanized package's install script scanned the machine for secrets (npm tokens, ~/.aws/credentials, .env, SSH & GitHub tokens), exfiltrated them to public repos, then used the stolen npm publish token to infect every other package the victim maintained. Hundreds of packages fell within hours — and the next npm install spread it further.
The entire worm depends on one move: reading your credentials off disk. SCDLP breaks the chain right there.
You npm install a compromised dependency.
Its postinstall script runs with your privileges.
It tries to read ~/.npmrc, ~/.aws/credentials, .env… → SCDLP blocks the read.
Secrets exfiltrated to the attacker.
Stolen npm token republishes the worm.
No credentials leave disk, so there is nothing to steal and no token to propagate with — even for a brand-new package SCDLP has never seen.
How it works
A signed system extension on Apple's Endpoint Security framework — kernel-grade, not a shim.
Intercept
SCDLP subscribes to authorization open events on Apple's Endpoint Security framework, so every read of a protected file is checked by SCDLP first.
Identify
It resolves the full process ancestry (which program, launched by what, under which app) and matches the file against your policy of path globs.
Decide
Covered by a rule? Allowed instantly. Otherwise SCDLP blocks the read right away and raises a prompt — it never stalls the process waiting on you: "Allow node to read ~/.aws/credentials?"
Approve & retry
Approve the prompt and your choice becomes a scoped rule: this file, this program, or a trusted app. Re-run the command and the read goes through. You approve once.
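The Intercept → Identify → Decide → Approve flow above, modelled as an added example in Go (the project's build language); this is not SCDLP's own code. The policy globs, the "*/" glob semantics, the rule scopes and the sample process chains are all constructed assumptions for the illustration.

```go
package main

import (
	"path/filepath"
	"slices"
	"strings"
)

// Policy globs like the page's policy table (constructed sample). Assumption:
// a leading "*/" means "in any directory"; other globs match the basename.
var protectedGlobs = []string{"*.env*", "*/.aws/credentials", "*/.npmrc", "*/.ssh/id_*"}

// Rule is a remembered approval in one of the page's scopes: "file" (this
// program, this exact path), "program" (that program, any protected file) or
// "app" (anything whose ancestry includes the trusted app named in Program).
type Rule struct{ Scope, Program, File string }

// IsProtected matches the trailing path components against each glob.
func IsProtected(path string) bool {
	parts := strings.Split(path, "/")
	for _, g := range protectedGlobs {
		pat := strings.TrimPrefix(g, "*/")
		n := strings.Count(pat, "/") + 1 // components the pattern covers
		if n > len(parts) {
			continue
		}
		if ok, _ := filepath.Match(pat, strings.Join(parts[len(parts)-n:], "/")); ok {
			return true
		}
	}
	return false
}

// Decide is the "Decide" step for one authorization-open event; ancestry is
// leaf process first (e.g. node <- npm <- Terminal). "allow" = a rule covers
// the read, "block" = protected but unruled (deny now, prompt the user),
// "ignore" = outside the policy.
func Decide(file string, ancestry []string, rules []Rule) string {
	if !IsProtected(file) {
		return "ignore"
	}
	for _, r := range rules {
		fileOK := r.Scope == "file" && r.Program == ancestry[0] && r.File == file
		progOK := r.Scope == "program" && r.Program == ancestry[0]
		appOK := r.Scope == "app" && slices.Contains(ancestry, r.Program)
		if fileOK || progOK || appOK {
			return "allow"
		}
	}
	return "block"
}
```

A "file" rule for .env does not cover .env.local, and an "app" rule for Terminal does not help a process running under a different app: that is the scoping the prompt offers.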
Features
Everything runs from a menu-bar app — no terminal required.
Real-time approval prompts
When an unknown process reaches for a secret, SCDLP blocks the read and raises a Little-Snitch-style prompt showing the file and the full process chain. Allow it once, always for that app, or deny — then re-run, and approved reads go straight through.
Editable policy
Decide exactly which files are protected with a table of path globs: *.env*, */.aws/credentials, SSH keys, tokens, kubeconfigs. Add, remove, and tune entries; changes apply live, no restart.
Full decision history
Every allow and deny is recorded with the file, the matched category, and the complete process ancestry, so you can see exactly what tried to read your secrets, and when.
Remembered rules
Your choices become scoped rules (by exact file, by program, or by trusted app), so you're asked once, not every time. Review them anytime and revoke any rule with one click.
What you get
Defense that stays out of your way.
Trusted apps
Allowlist tools you trust to read secrets, once, so chatty-but-legitimate apps never flood you with prompts.
No prompt storms
Per-process re-prompt cooldown means a noisy reader is denied quietly, not 50 dialogs deep.
One-click kill switch
Toggle enforcement from the menu-bar shield whenever you need to get out of the way.
Kernel-grade
Built on Apple's Endpoint Security framework — signed, notarized, and tamper-resistant.
Private by design
Everything stays on your Mac. No telemetry, no cloud, no accounts — ever.
Open source
MIT-licensed and auditable end to end. Read every line, build it yourself.
Install
Signed & notarized. Requires macOS 13+ and one approval in System Settings.
Download the app
Grab the latest signed, notarized build and drag scdlp.app into Applications.
On first launch, approve the system extension in System Settings → General → Login Items & Extensions → Endpoint Security, and grant Full Disk Access to the extension.
Build from source
# needs Go + Xcode + a Developer ID cert
git clone...