How Cloudflare’s client-side security made the npm supply chain attack a non-event

Bashyam Anant
6 min read, advanced

Overview

The article discusses how Cloudflare's client-side security, specifically Page Shield, effectively mitigated the npm supply chain attack that occurred in September 2025. By leveraging machine learning to analyze and classify JavaScript scripts, Cloudflare was able to detect malicious activity and prevent significant damage to users relying on compromised npm packages.

What You'll Learn

1. How to utilize Cloudflare Page Shield to protect against malicious JavaScript libraries
2. Why machine learning is effective in detecting malicious scripts
3. How to assess the security of npm packages in your applications

Key Questions Answered

How did Cloudflare prevent the npm supply chain attack?
Cloudflare utilized its Page Shield service to detect and block malicious JavaScript libraries that were injected into compromised npm packages. This proactive security measure leveraged machine learning to analyze scripts and identify potentially harmful behavior, thus protecting users from crypto-stealing attacks.
What metrics does Cloudflare use to evaluate its JavaScript classifiers?
Cloudflare's JavaScript classifiers are evaluated based on precision, recall, and F1 score. The latest version reports a precision of 98%, recall of 90%, and an F1 score of 94%, indicating high accuracy in identifying malicious scripts while minimizing false positives.
What improvements are planned for Cloudflare's script detection?
Cloudflare plans to enhance its machine learning signals by incorporating contextual data such as script URLs and connected domains. This will help address more complex scenarios, including user tracking scripts, by combining static and dynamic analysis techniques.

Key Statistics & Figures

Scripts assessed per day: 3.5 billion
Cloudflare Page Shield evaluates this number of scripts daily to detect malicious activity.
Percentage of malicious scripts detected: less than 0.3%
This statistic reflects the effectiveness of Cloudflare's machine learning-based detection system.
Precision of the latest model: 98%
Indicates the share of scripts flagged as malicious that actually are malicious, i.e. how rarely benign scripts are misclassified.
Recall of the latest model: 90%
Shows the share of truly malicious scripts that the model correctly identifies.
F1 score of the latest model: 94%
Represents the balance between precision and recall in the model's performance.

Technologies & Tools

Security
Cloudflare Page Shield
Used to detect and block malicious JavaScript libraries in web applications.
AI/ML
Machine Learning
Employed for analyzing and classifying scripts to identify malicious behavior.

Key Actionable Insights

1. Regularly audit your dependency tree for recently published versions of npm packages, especially those released around critical dates like early September 2025.
This practice helps identify potentially compromised packages and mitigate risks associated with supply chain attacks.
2. Utilize Cloudflare Page Shield to monitor and detect malicious scripts in your applications.
Implementing Page Shield can provide an additional layer of security, especially for applications heavily reliant on third-party JavaScript libraries.
3. Rotate any credentials exposed in your build environment immediately after a security incident.
This is crucial to prevent unauthorized access and ensure the integrity of your CI/CD pipelines.
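The first insight above (auditing the dependency tree for versions published in a suspicious window) can be turned into a repeatable check. The following is an added example, not code from the original article or from Cloudflare: a Node.js script that walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and flags every resolved version whose publish timestamp falls inside a chosen window. The lock file contents, the package names, the publish dates and the window are all constructed sample data; in real use the publish dates come from the "time" map in the npm registry packument for each package.

```javascript
// Added example (not from the original article or Cloudflare): flag npm
// dependencies whose resolved version was published inside a suspicious window.
// Assumes a package-lock.json with lockfileVersion 2 or 3 ("packages" keyed by
// node_modules path). All data below is constructed for illustration.

// Constructed stand-in for a project's package-lock.json.
const LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "left-widget": "^1.4.0", "util-lib": "^2.0.0" } },
    "node_modules/left-widget": { version: "1.4.7" },
    "node_modules/util-lib": { version: "2.0.3" },
    "node_modules/util-lib/node_modules/tiny-dep": { version: "0.9.1" },
  },
};

// Constructed stand-in for the "time" map of each package's registry packument
// (in real use: GET https://registry.npmjs.org/<name>, then body.time[version]).
const PUBLISH_TIMES = {
  "left-widget": { "1.4.6": "2025-06-10T12:00:00.000Z", "1.4.7": "2025-09-08T13:10:00.000Z" },
  "util-lib": { "2.0.3": "2024-11-02T09:00:00.000Z" },
  "tiny-dep": { "0.9.1": "2025-09-09T01:00:00.000Z" },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (handles nested and scoped paths)
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return lockPath.slice(idx + marker.length);
}

// Returns one finding per dependency that was published inside [windowStart, windowEnd]
// or whose publish date is unknown (treated as needing manual review, not silently skipped).
function flagRecentlyPublished(lockfile, publishTimes, windowStart, windowEnd) {
  const start = Date.parse(windowStart);
  const end = Date.parse(windowEnd);
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lockfile.packages)) {
    if (lockPath === "" || entry.link) continue; // root project and workspace links
    const name = packageNameFromPath(lockPath);
    const version = entry.version;
    const published = publishTimes[name] && publishTimes[name][version];
    if (!published) {
      findings.push({ name, version, status: "unknown-publish-date" });
      continue;
    }
    const t = Date.parse(published);
    if (t >= start && t <= end) {
      findings.push({ name, version, status: "published-in-window", published });
    }
  }
  return findings;
}

// Window is a constructed assumption covering early September 2025.
const REPORT = flagRecentlyPublished(
  LOCKFILE, PUBLISH_TIMES, "2025-09-08T00:00:00Z", "2025-09-10T00:00:00Z");
console.log(JSON.stringify(REPORT, null, 2));
```

Each finding is a review prompt rather than a verdict: a version published in the window is compared against the package's changelog and upstream repository, and "unknown-publish-date" entries are resolved by fetching the packument before the lock file is trusted again.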

Common Pitfalls

1. Failing to regularly audit and update dependencies can lead to vulnerabilities in applications.
Many developers overlook this step, which can result in using compromised libraries that expose applications to security risks.

Related Concepts

Supply Chain Security
JavaScript Security Practices
Machine Learning In Cybersecurity