Supply chain attacks against package registries are no longer exotic. In Q1 2026 alone: LiteLLM's PyPI package was compromised, a worm self-propagated through npm (CanisterWorm), install-hook exploits hit the npm ecosystem (PhantomRaven / Shai-Hulud 2.0), and the axios maintainer account was taken over to push a RAT dropper.
The common thread: your machine trusts upstream by default, and a single poisoned dependency or stolen credential can cascade into full compromise.
When coding agents enter the picture — Pi, Claude Code, Cursor, Copilot, Codex, whatever comes next — the blast radius widens. Agents run with your shell, your tokens, your SSH keys, and your ambient permissions, and they often do so autonomously, across many repos, for hours at a time.
This is a practical guide. Each section says who it's for, how urgent it is, and what to actually do. It's based on a real hardening sprint on a macOS developer machine, not a theoretical framework.