Preventing Supply Chain Attacks at Modular

April 25, 2024

Zac Bowling

AI Framework Engineer

Swetha Muniraju

AI Frameworks Manager

At Modular, the pace of innovation means we are always shipping new software and features for our users. While this is really exciting, it also presents some unique challenges. Modern software and delivery mechanisms are more vulnerable to security attacks than ever before. It is estimated that in 2024, 96% of total codebases contained open-source code with an average of 500+ components per app. Recent events, such as the sophisticated XZ supply chain attack, have highlighted the urgent need for robust defenses against these types of vulnerabilities in the supply chain. At Modular, a secure software delivery strategy has been our core tenet since we shipped our first version of Mojo back in the Fall of 2023.

The ecosystem today

Traditionally, software delivery systems have relied on a combination of SSL/TLS for downloading software from a trusted source, signing systems like GPG, and verified cryptographic hashes to validate that packages were not tampered with. You can see these techniques used in package managers like PyPI, apt, YUM, and others. However, only coarse-grained approaches to security are used in these systems and they are still vulnerable to attacks as they always assume the source repository can be trusted. In addition, none of these methods guard against the modern supply chain attacks as they can happen from any point from package creation to deployment. Nor are they designed to help recover when such attacks occur. For example, say your signing keys are compromised, many of these package management systems are ill-equipped to quickly handle the aftermath without manual user intervention.

Given all of these constraints, we at Modular had a set of questions we wanted to solve.

  • How do we deal with a potential leak of our signing keys?
  • How can we revoke software we have shipped that have known vulnerabilities introduced either by third-party dependencies or by us?
  • How can we help the user validate that the installed software is genuine and not tampered with in the distribution supply chain, especially when it's delivered by our CDN partners, who may have been compromised?

Building on “The Update Framework” standard

The Update Framework (TUF) specification was written to overcome some of the security vulnerabilities faced by using traditional package managers. TUF publishes standards and techniques to update software securely and to handle supply chain attacks. It validates files using public/private shared key encryption and provides a mechanism for quickly rotating keys without necessarily invaliding all the previous releases of the software. In addition to handling key compromises swiftly, TUF also prevents malicious mirror update attacks, replay attacks, and a host of other attack vectors. A full list of attacks that TUF protects against are listed in detail here.

The TUF organizers provide a few reference implementations to get started with; however, these are not out-of-the-box general-purpose software update solutions. This is because different software deployment systems and their accompanying packages may have complex needs depending on the environments they run. For that reason, TUF doesn’t specify concepts like versioning, installation requirements, system compatibility, or even the actual method of software delivery (HTTPS, BitTorrent, etc.). To complete that story for Modular, we had to build our client implementation of TUF with all the additional features that you might find in a package manager.

The modular CLI

When considering all these problems with secure software packaging and distribution we found there wasn't one out-of-the-box cross-platform solution that we could simply adopt that solved all of these problems for us. This was one of the many reasons that led us to build the modular CLI (

If you have already installed the MAX and/or the Mojo standalone package, chances are that you have already interacted with our modular CLI. The modular CLI is how we securely distribute the Mojo, Mojo nightly, and MAX packages. The modular CLI is installed as a signed system native package, which provides the first layer of security. For this layer, we are still constrained by some of the challenges that we had outlined earlier. However, we mitigate some of these risks via an authentication in the next step.

First round of security - authentication

After installing the modular CLI, we ask users to authenticate the modular CLI to get started.

# after installing the modular CLI > modular auth To complete auth, open this web page: Verify using this code: NMBC-ZDRD Waiting for confirmation...

Authentication provides yet another opportunity to validate the modular CLI tool and prevent the user from continuing with untrusted packaging. It provides some security against replay attacks where an intruder works to keep a user on an older and possibly compromised version of the client that could be used to try and install other compromised software.

Second round of security - package verification

After authentication, users can use the modular CLI to install a number of packages. Today this includes the full MAX, Mojo standalone, or Mojo nightly packages.

> modular install mojo # Found release for @ 24.2.1 # Downloading archive: packages/24.2.1/mojo-arm64-apple-darwin... Downloaded [ ██████████████████████████ ] 100% 167MiB/167MiB # Extracting downloaded archives. Extracted [ ██████████████████████████ ] 100% 167MiB/167MiB # Extraction complete, setting configs... # Configs complete, running post-install hooks... 🔥 Mojo installed! 🔥

The modular CLI does several things, including checking for the latest version of the package, finding a compatible and optimized version for your system, downloading the package, and securely validating it before attempting to install it.

What does this mean for you?

The best part about this is that you shouldn't have to worry about any of this. Good security is hard work, but it is at its best when you don't have to think about it. We are continuing to drive state of the art techniques into all levels of our technology and products, and will continue to ensure you get the right bits delivered securely

What's next?

As we grow our community, we are excited to scale our modular client to support different platforms. We'll also continue to introduce delightful new features so you can continue to fall in love with our products and technologies. We are constantly listening to your feedback and adapting our roadmaps to cater towards our community needs. If you have any comments or feedback, please reach out to us on discord channels or via GH-Issues.

If you are interested in contributing to the work that we are doing at Modular, there’s good news for you - We are hiring! Please visit and apply to the open positions.

Zac Bowling
AI Framework Engineer
Swetha Muniraju
AI Frameworks Manager