Malicious Package Exclusions are available in SafeDep Cloud Pro and above. See pricing.
Only tenant owners can create, edit, or delete exclusions. If you can view package analysis results but cannot manage an exclusion, contact your tenant owner.
Malicious Package Exclusions let your tenant suppress specific package findings from malicious package analysis after review. Use them when your team has reviewed a package and decided it is expected in your environment, so SafeDep stops surfacing the same finding repeatedly. Exclusions are tenant-specific: a package trusted in one SafeDep Cloud tenant is not automatically trusted in another. An exclusion does not mark a package as globally safe. It suppresses the finding only for the package identity you excluded (ecosystem, name, and version) within your tenant.

Where Exclusions Are Respected

Exclusions act as a tenant-level source of truth across SafeDep tools and integrations connected to SafeDep Cloud. This currently includes:
  • SafeDep Cloud package analysis views in app.safedep.io
  • GitHub App
  • vet in cloud mode
  • vet-action in cloud mode

When To Use An Exclusion

Use an exclusion when:
  • a package repeatedly appears as suspicious or malicious and your team has already reviewed it
  • you want to reduce noise without disabling malicious package protection
  • you want to trust a package temporarily by setting an expiry date
Do not use exclusions as a workaround for packages SafeDep has already verified as malicious.

What An Exclusion Applies To

Each exclusion is scoped to a package ecosystem, name, and version. You can also add a reason and an optional expiry date for temporary exceptions. Malicious Package Exclusions apply only to malicious package analysis. They do not change vulnerability findings or other SafeDep checks.

Create An Exclusion From Settings

The main place to manage exclusions is the SafeDep Cloud settings page:
  2. Create Exclusion: Click Create Exclusion
  3. Fill Details: Fill in the package details
  4. Save: Save the exclusion
The page shows your existing exclusions in a table and a Create Exclusion button in the top-right corner.
[Figure: Malicious Package Exclusions settings page showing the exclusions table and Create Exclusion button]

Fields

When creating an exclusion, SafeDep Cloud asks for:
  • Ecosystem: The package ecosystem, such as npm or PyPI
  • Package Name: The package to exclude
  • Version: The specific version to exclude
  • Reason: Why your team is excluding this package
  • Expires At: Optional expiry date for temporary exceptions
Use 0 in the Version field to exclude all versions of a package.
[Figure: Create Exclusion drawer in SafeDep Cloud showing ecosystem, package name, version, reason, and expiry fields]

Create Or Manage An Exclusion From Package Analysis

You can also start from a package analysis result:
  1. Open Package Result: Open a malicious package result in SafeDep Cloud
  2. Create or Manage: Use the header action to create or manage an exclusion
Depending on the current state, SafeDep Cloud shows one of these actions:
  • Create Exclusion if no exclusion exists yet
  • Manage Exclusion if an exclusion already exists for that package and version
This is a convenient path when you are already investigating a package and want to create or review an exclusion without navigating back to Settings.
[Figure: Package analysis page showing the Create Exclusion action]
[Figure: Package analysis page showing the Manage Exclusion action]

Manage Existing Exclusions

The exclusions table helps you review and maintain the exclusions already configured in your tenant. Each row shows the ecosystem, package name, version, reason, current status, expiry date, and available actions for that exclusion. You can filter exclusions by:
  • ecosystem
  • package name
  • version
  • expiry status
  • expiry date
From the table, you can also:
  • edit an exclusion
  • delete an exclusion
  • review the reason and expiry date attached to each exclusion
  • quickly see whether an exclusion is active or close to expiring from the status badge
[Figure: Exclusions table row actions menu showing Edit Exclusion and Delete Exclusion]

Edit An Exclusion

Use Edit Exclusion when you need to change:
  • the version
  • the reason
  • the expiry date
  • the package identity
This is useful when an exclusion started as a short-term exception and later needs to be extended, narrowed, or documented more clearly.

Delete An Exclusion

Delete an exclusion when you want malicious package analysis to apply normally again. After you delete an exclusion, later scans or package analysis results may surface that package again if it is still detected as suspicious or malicious.

How Exclusions Work

SafeDep Cloud applies exclusions using the package identity you provide.

Exact Version Vs All Versions

Version is matched exactly. Enter 4.17.21 to exclude only that version, or 0 to exclude all versions. (0 is a special value meaning “all versions,” not the literal version 0.) If both an exact-version exclusion and an all-version exclusion could match, the exact version takes precedence.

Expiry

An exclusion with an expiry date stops applying automatically after the expiry time passes. This is useful for temporary investigation windows, migrations, and short-lived exceptions.

Verified Malicious Packages

SafeDep Cloud does not allow exclusions for packages it has already verified as malicious. If you try to create or update such an exclusion, SafeDep Cloud returns an error instead of saving it.
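
The version-matching and expiry rules described in this section, modeled in Python as an added example (not SafeDep's own code) together with a small review check for broad or open-ended exclusions. The record shape, function names, and sample packages are constructed; it assumes names compare as exact strings and that an expired exact-version exclusion falls back to an active all-version one, which the page does not spell out.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

ALL_VERSIONS = "0"  # special Version value: matches every version, not literal 0

@dataclass(frozen=True)
class Exclusion:  # hypothetical record; fields mirror the Create Exclusion form
    ecosystem: str
    name: str
    version: str
    reason: str
    expires_at: Optional[datetime] = None  # None means no expiry was set

    def active(self, now: datetime) -> bool:
        return self.expires_at is None or now < self.expires_at

def resolve(exclusions, ecosystem, name, version, now):
    """Return the exclusion that suppresses this finding, or None."""
    live = [e for e in exclusions
            if e.active(now) and (e.ecosystem, e.name) == (ecosystem, name)]
    exact = [e for e in live if e.version == version]
    if exact:  # an exact-version match takes precedence over "0"
        return exact[0]
    wildcard = [e for e in live if e.version == ALL_VERSIONS]
    return wildcard[0] if wildcard else None

def review_queue(exclusions, now):
    """Active exclusions worth re-reviewing: all-version scope or no expiry."""
    flags = {}
    for e in (x for x in exclusions if x.active(now)):
        notes = [label for label, hit in (
            ("all versions", e.version == ALL_VERSIONS),
            ("no expiry", e.expires_at is None)) if hit]
        if notes:
            flags[(e.ecosystem, e.name, e.version)] = notes
    return flags

# Constructed sample data, not real findings or real package names.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    Exclusion("npm", "internal-build-tool", "0", "in-house package"),
    Exclusion("npm", "internal-build-tool", "2.3.1", "reviewed release",
              datetime(2025, 7, 1, tzinfo=timezone.utc)),
    Exclusion("PyPI", "example-sdk", "1.0.0", "migration window",
              datetime(2025, 5, 1, tzinfo=timezone.utc)),
]
```
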

What To Expect After Adding An Exclusion

After an exclusion is added:
  • future malicious package analysis for that package stops surfacing the excluded result across SafeDep tools and integrations that respect tenant exclusions
  • the exclusion remains listed on the settings page so authorized users can review, update, or delete it later
  • you may need to refresh the page or rerun the scan to confirm the updated behavior
If you later delete the exclusion or let it expire, the package can reappear in analysis results.

Troubleshooting

I can see the page, but I cannot create an exclusion

Exclusion management is currently limited to tenant owners. If the button is disabled, ask your tenant owner to create or manage the exclusion for you.

I see a paywall instead of the exclusions table

Malicious Package Exclusions are available in SafeDep Cloud Pro and above. Upgrade your plan or contact your SafeDep representative if you need access.

Why did my exclusion stop working?

The most common reasons are:
  • the exclusion expired
  • the package ecosystem, name, or version does not match the current finding
  • you may need to refresh the page or rerun the relevant scan to confirm the latest result state
If SafeDep blocks you while creating or updating an exclusion, check whether the package has already been verified as malicious.

When should I use version 0?

Use version 0 when you want to exclude all versions of a package instead of just one specific version.
