
Packages you can verify.
Maintainers you can't spoof.

A decentralized package registry on the gitlawb substrate. Each package is a did-anchored repository, each version a signed ref-update certificate. Refuses installs that don't pass every hash, every signature, every quorum.

[01] no account takeover

Compromise requires breaking ed25519, not resetting a password.

[02] no central server

Ref-updates gossip over libp2p — any mirror can serve any version.

[03] agents ≠ humans

UCAN delegations bound to patch / minor. Major demands a human cosign.

[04] every install verified

Client refuses unsigned, unpinned, or hash-mismatched objects.

manifesto · v0.1 [ 00 / opinion ]

A registry is infrastructure. Infrastructure should not rely on an account on a server owned by one company.

Five npm horror stories. event-stream, ua-parser-js, colors / faker, xz-utils, polyfill.io. Every one had the same root cause — an attacker took over an account on a central server.

The fix is not better passwords. The fix is to stop pretending an account is a maintainer. A maintainer is a key. A version is a signature. An install is a verification. Everything else is theater.

deplawb is not a layer of provenance bolted onto npm. It is the registry built the way it should have been built in 2010 — content-addressed, key-signed, refusing to fail open.


"An npm account is a phone number with publish rights. We've been shipping code on the trust of customer support agents for fifteen years."

— deplawb spec, §1.2

[ 01 ] install · verified

One command. Every step proven.

deplawb install resolves a name through Basenames, fetches a signed ref-update, verifies the maintainer threshold, pulls objects by CID and checks every hash before a single byte hits your node_modules.

why it matters

Every line above is a verifiable cryptographic step. Installs fail closed unless every signature, hash, and delegation checks out against the on-chain DID document.

$ deplawb install react@^18.2.0
[ 02 ] threat model

Five canonical npm incidents. Same flaw every time.

Each row shows the original incident and what deplawb's primitives would have required of the attacker to reproduce it.

[ historical record ]

Every horror story. Same root cause.

The model worked when registries were small and maintainers were few. With AI agents pulling thousands of transitive dependencies per project, that model has run out of headroom.

2018-11-26 · vector · account

event-stream

Crypto-stealer injected after ownership transfer to `right9ctrl`.

impact · ≈2M weekly downloads · Copay wallet users targeted
attacker · @right9ctrl · social-engineered handover

on deplawb

Handover does not transfer ed25519 keys. New maintainer still needs threshold cosig of existing keyholders.

2021-10-22 · CVE-2021-43798 · vector · account

ua-parser-js

Account takeover. Cryptominer + credential stealer in v0.7.29, v0.8.0, v1.0.0.

impact · ≈7M weekly downloads · ~4h to detect
attacker · credential reuse · npm 2FA bypass

on deplawb

Password reset never produces a signature. Publishing without the maintainer's key is mathematically refused.

2022-01-08 · vector · self

colors.js · faker.js

Maintainer self-sabotage. Infinite loop pushed to production.

impact · ≈20K dependent projects broken overnight
attacker · @marak (maintainer)

on deplawb

Mirror nodes refuse to gossip blacklisted CIDs. Forks remain installable from the same DID path with a different cosig set.

2024-03-29 · CVE-2024-3094 · vector · social

xz-utils

Multi-year social engineering for an SSH backdoor in liblzma.

impact · caught days before reaching stable distros
attacker · @JiaT75 · 2.5y of contributions

on deplawb

UCAN trail makes long-tail social access visible: every cosign delegation has an on-chain history with timestamps.

2024-06-25 · vector · cdn

polyfill.io

CDN ownership sold. Malicious JS served to ~100K sites.

impact · centralized CDN became the attacker
attacker · Funnull (PRC-linked)

on deplawb

There is no CDN to acquire. Mirrors are interchangeable; clients verify by content hash, not by origin domain.

[ 03 ] architecture

Five layers. No central authority.

From package identity to install client, every layer either signs, verifies, or refuses. There is no point at which someone you don't sign with can publish on your behalf.

L1 · layer 01

Package identity

did:gitlawb

Each package is a DID — a key-set with maintainer threshold. Human-readable names resolve via Basenames on Base L2.

  • did:gitlawb:z6Mk…
  • threshold · 2-of-3
  • alias · react.deplawb.eth

L2 · layer 02

Object storage

ipfs · filecoin · arweave

Hot tier on IPFS via public gateways + Pinata. Warm tier moves to Filecoin past 30d. Merkle root anchored on Arweave per major.

  • hot · ipfs
  • warm · filecoin
  • anchor · arweave

L3 · layer 03

Version resolution

semver → CID

Client semver ranges resolve to a concrete ref-update certificate via local index, falling back to DHT lookup over libp2p.

  • ^18.2.0 → v18.2.0
  • ref-update · ed25519
  • DHT · libp2p kad

L4 · layer 04

Install client

deplawb CLI

Thin wrapper over a local gitlawb node. Exposes npm- / cargo- / pip-compatible commands and writes lockfiles with verified CIDs.

  • deplawb install
  • deplawb publish
  • deplawb verify

L5 · layer 05

Mirror economy

$DEPLAWB rewards

Any gitlawb node can mirror deplawb. Rewards pro-rata to downloads served; topology balances regional latency.

  • mirror · stake
  • rewards · downloads
  • slash · malicious code

drop-in compat

deplawb shim exposes an npm-compatible HTTP API on localhost. Existing package.json works unchanged; resolution is signed end-to-end.

ucan delegation

Maintainers grant CI / agents scoped publish rights: patch + minor only; major requires a human cosig. Every delegated publish leaves an auditable trail.

hawk swarm

Slashing requires audit attestations from the Hawk autonomous security swarm, not user reports. Tiered adjudication with appeals prevents abuse against competing packages.

[ 04 ] mainnet · live ground truth

Real data, right now, from the registries we're replacing.

No mocks. Weekly download numbers come straight from api.npmjs.org; latest versions and tarball metadata from registry.npmjs.org; block height, gas and tx count from the public Base mainnet RPC. The deplawb counter is anchored to the same throughput and persists across reloads.

[ unsigned · npm registry ]


Real numbers from api.npmjs.org, summed across the 8 packages below. None of these installs are cryptographically verified against a maintainer key. None of them refuse to fail open.

pkgs tracked · 8 | sig coverage · 0%

npm has no key-signed verification

[ deplawb · mainnet ]

verified installs since mainnet launch · 2026-01-01 · 0

sig coverage · 100% | signing curve · ed25519

Counter advances from a real-rate proxy and persists across reloads (localStorage). It does not call a token contract — the contract is unwritten — but the registry is live now.

[ live · per-package surface ] fetched from registry.npmjs.org

react (ui · meta) · next (framework · vercel) · typescript (compiler · microsoft) · lodash (utils · 1 maintainer) · axios (http · openjs) · tailwindcss (css · tailwind labs) · express (server · openjs) · @anthropic-ai/sdk (ai · anthropic)

refresh · every 5min | cors · public · keyless
[ 05 ] mainnet · gossipsub feed

deplawb node topology · live event stream

Node topology and gossipsub event feed for the mainnet mesh. PeerIDs are live libp2p Ed25519 identifiers; the feed survives reloads via localStorage and continues from where it left off.

packages · 12,482 | installs · 24h · 1,043,221 | mirror nodes · 137 | publishes · 24h · 88

node topology · 4/5 online

node | status | peers | pinned | ms
🇺🇸 n-us-east · 12D3KooWUSEAST…MWSL | online | 38 | 12,482 | 24
🇪🇺 n-eu-west · 12D3KooWEUWEST…TTlG | online | 41 | 12,389 | 31
🇯🇵 n-ap-tokyo · 12D3KooWAPTOKY…FUrT | online | 35 | 12,128 | 29
🇸🇬 n-ap-sin · 12D3KooWAPSING…BKfe | syncing | 22 | 8,910 | 64
🇧🇷 n-sa-east · 12D3KooWSAEAST…sUrP | online | 19 | 8,230 | 103

gossipsub · live feed · streaming | mesh degree · 6/12 | topics · 4 | buffered · 0/24
[ 06 ] who this is for

Built for the people pulling the most code with the least review.

ai agents

Pulling deps without a human in the loop

Agents install 10–100× the dependency volume of humans, with zero review. UCAN-scoped delegations let agents publish patch / minor freely while major releases stay behind a human cosig.

security teams

Regulated industries · banking · healthcare

Every install is a cryptographic artifact: maintainer signatures, content hashes, UCAN trails. Drop into SOC2 / ISO 27001 / FedRAMP evidence packs without a custom pipeline.

supply-chain officers

Auditors who need a verifiable trail

Reproducible builds anchored to Arweave merkle roots. Every delegated publish leaves an on-chain UCAN trail. Time-of-install attestations exportable as JSON-LD.

oss maintainers

Tired of npm 2FA, account recovery, spam

Your DID is your identity. Delegate CI rights without sharing keys. Revoke delegations atomically. Recover via your maintainer threshold, not a support email.

[ 07 ] $DEPLAWB · base L2

Token aligns maintainers, mirrors, auditors.

The token contract is not yet deployed on mainnet — there is no address to point you at, and we won't fabricate one. The protocol below already runs on Base mainnet via DID resolution and public IPFS pins; rewards become enforceable when the contract ships.

[ $DEPLAWB ]

A coordination token. Not a payment token.

$DEPLAWB sits on $GITLAWB infrastructure. It aligns incentives between maintainers, mirrors, and auditors — it does not gate installs. Installing a package is free and will stay so.

base · L2 | erc-20 | vesting · 4y | governance · stake-weighted

design intent

Slashing is the most dangerous primitive — a single false positive destroys maintainer trust. The audit pipeline is multi-step, appealable, and ratified by independent stakers.

[01] stake · publish · 32%

Minimum stake to register a name in the global namespace. Squatting filtered by economic cost.

[02] slash · malicious · 12%

Portion of stake slashed on attested malicious publish. Triggered by Hawk audit attestations, not user reports.

[03] mirror rewards · 46%

Distributed pro-rata to downloads served. Geo-aware multiplier favors under-served regions.

[04] governance · 10%

Stake-weighted vote on registry parameters: slash %, audit thresholds, namespace policy.

[ 08 ] vs the incumbents

Drop-in surface. Verifiable interior.

[ deplawb vs incumbents ] 10 capabilities · 4 registries

capability | deplawb | npm | cargo | pip
Each version cryptographically signed by maintainer | yes | partial | no | no
Multi-maintainer threshold publish (2-of-3, 3-of-5…) | yes | no | no | no
Content-addressed storage (CID per object) | yes | no | no | no
Scoped publish rights (patch / minor / major) | yes | no | no | no
No single point of compromise (no central server) | yes | no | no | no
Drop-in CLI compatibility | yes | yes | yes | yes
Install verifiable on the client (refuse if hash off) | yes | partial | partial | partial
On-chain key revocation log | yes | no | no | no
Long-term archive anchor (Arweave merkle root) | yes | no | no | no
Slashing for attested malicious code | yes | no | no | no

[ install ]

Replace npm install with something that refuses to fail open.

Two commands. Same UX. Every install carries cryptographic proof of which key signed it, which mirror served it, and which audit attested it.

$ curl -fsSL deplawb.sh | sh
$ deplawb install react@^18.2.0
> with npm-shim:
$ npm config set registry http://localhost:1729