This is how I set up Socket Firewall to protect my local dev environment from supply chain attacks.
The core idea is simple: package installs are now part of the attack surface. npm install, pip install, CI jobs, and LLM agent workspaces can all execute attacker-controlled code before anything reaches production.
So I wrapped my package managers with @SocketSecurity’s sfw, cleared local caches, and made normal commands like npm, pnpm, yarn, pip, uv, and cargo route through Socket Firewall by default.
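A sketch of the wrapper approach described above, added here as an example and not taken from the article. It assumes `sfw` is on PATH and is invoked with the wrapped command as its arguments (`sfw npm install ...`); the function names `sfw_guard` and `sfw_install_wrappers` are hypothetical.

```shell
# Added example: route package managers through Socket Firewall's `sfw`.
# Assumption: `sfw <manager> <args...>` runs the manager behind the firewall.
# sfw_guard and sfw_install_wrappers are hypothetical helper names.

# Run a package manager through sfw. Fail closed: if sfw is missing,
# refuse to run the manager unprotected instead of silently falling back.
sfw_guard() {
    if ! command -v sfw >/dev/null 2>&1; then
        echo "sfw not found: refusing to run '$1' unprotected" >&2
        return 127
    fi
    # `command` skips shell functions, so this always reaches the sfw binary.
    # sfw then starts the real manager as a child process, which never sees
    # these functions, so there is no recursion.
    command sfw "$@"
}

# Define one function per manager named in the post, so a plain
# `npm install` typed at the prompt is intercepted by default.
sfw_install_wrappers() {
    for pm in npm pnpm yarn pip uv cargo; do
        eval "$pm() { sfw_guard $pm \"\$@\"; }"
    done
}

sfw_install_wrappers
```

These functions only exist in shells that source this file (for example from `~/.bashrc` or `~/.zshrc`); scripts, CI jobs, and tools that spawn the package manager binary directly do not go through them and need their own `sfw` invocation.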
The article covers:
1. Why the TanStack npm compromise made this urgent
2. How install-time protection differs from auditing after the fact
3. The shell wrapper setup
4. What LLM coding agents should do before installing packages
Supply chain security cannot depend on everyone remembering to be careful at the exact moment they are trying to move fast.
The safer path has to become the default path.