Iranian Developers Are Losing Access to GitHub, npm, and the Cloud — What US Sanctions Actually Block

Long before missiles flew in 2026, the US government had been quietly cutting Iranian developers off from the global software ecosystem. US sanctions — administered by the Office of Foreign Assets Control (OFAC) — require American companies to restrict access to their services for users in sanctioned countries. GitHub, npm, VS Code, most cloud platforms, and virtually all payment processors are subject to these rules. As the USA-Iran conflict has escalated, enforcement has tightened. Here is exactly what is blocked, what is not, and what the global developer community is doing about it.

What Is Currently Blocked for Iranian Developers

GitHub: GitHub (owned by Microsoft) has restricted access for users in Iran to paid features and private repositories since 2019. After the 2026 escalation, restrictions have tightened further. Iranian developers can still access public repositories as anonymous users, but creating accounts, pushing code, participating in discussions, and accessing GitHub Actions, Codespaces, and Copilot requires workarounds. GitHub has stated this is driven by OFAC requirements, not company policy.

npm: npm (also Microsoft/GitHub-owned) restricts Iranian accounts similarly. Publishing packages to the npm registry from Iran is effectively blocked. Downloading packages in a build process generally still works because npm package downloads are considered "publicly available information," but account-authenticated operations face restrictions.

VS Code Extensions Marketplace: Restricted for Iranian accounts. Anonymous extension download typically still works, but account-gated features and publishing do not.

Cloud platforms: AWS, Azure, GCP, and Oracle Cloud all restrict Iranian users per OFAC requirements. No account creation, no credit card processing, no API access. Iranian developers use workarounds — VPNs, accounts registered through diaspora family members, or European/Chinese cloud providers not subject to OFAC.

Payment processors: Stripe, PayPal, and all major US-headquartered processors are unavailable in Iran. Iranian freelancers and open source contributors have no legitimate path to receive international payment through mainstream channels.

App stores: Apple App Store and Google Play restrict Iranian developer accounts. Iranian developers cannot publish paid apps or receive revenue through these platforms.

AI tools: GitHub Copilot, ChatGPT (with account), Claude, and most AI coding assistants require accounts Iranian users cannot create normally.

What Is NOT Blocked

Downloading publicly available open source software is generally not restricted. OFAC carves out "publicly available information" including publicly released software and academic materials. Most Iranian developers can still:

• Download npm packages in their builds (without an authenticated account)
• Clone public GitHub repositories
• Access publicly available documentation and open source code

The restriction is on participation — publishing, contributing, receiving payment, using authenticated services — not on consuming public information.

The Human Impact

Iran has a highly educated developer population. Iranian universities (Sharif University of Technology in particular) produce world-class engineers in CS, mathematics, and engineering. Iranian developers have made significant contributions to open source projects — often without the community realising the contributor's location, because code quality speaks for itself.

The sanctions regime treats all Iranian residents as equivalent regardless of their political views. A 25-year-old developer in Tehran trying to contribute a bug fix to an open source library faces the same restrictions as the IRGC's cyberwarfare division. This is a well-known critique of the OFAC approach from the developer community.

What the Developer Community Is Doing

Alternative platforms: GitLab, Codeberg, and SourceHut are European-headquartered alternatives without the same OFAC obligations. Some Iranian developers and open source projects have moved repositories there. These platforms have explicitly stated more permissive policies for users in sanctioned countries.

Cryptocurrency for payment: Many Iranian freelancers use Bitcoin, USDT, and other cryptocurrencies via DEXs and P2P exchanges to receive international payment. This operates in a grey zone — OFAC technically restricts dollar-denominated crypto transactions with Iran, but P2P enforcement is limited.

VPN usage: Nearly universal among Iranian developers who need access to restricted platforms. Iranian developers commonly use VPNs to access GitHub and developer tools. This creates its own legal ambiguity — OFAC restrictions technically apply regardless of IP obfuscation.

Is Sanctioning Developers Counterproductive?

This is a live policy debate. Arguments for: comprehensive sanctions pressure maximises economic pain on the Iranian government, theoretically weakening its capacity to fund military and nuclear programs.

Arguments against: cutting Iranian developers off from the global software ecosystem does not meaningfully hurt the IRGC, which has its own tools and infrastructure. It does hurt the Iranian middle class and technical community — the demographic most likely to be sympathetic to Western values. It also pushes Iranian developers toward Chinese and Russian technical ecosystems, accelerating the bifurcation of the global internet.

EFF, Access Now, and several open source foundations have advocated for carve-outs specifically for developer tools and open source participation — arguing that code is speech, and restricting individual developer contribution serves no meaningful sanctions objective.

What This Means for Global Developers

If you maintain an open source project, you have almost certainly received contributions from Iranian developers — potentially without knowing it. If you want to maintain an inclusive community, understand the restrictions your hosting platform imposes and communicate alternatives for contributors in restricted jurisdictions.

If you are building a product developers in Iran might use: your US-hosted SaaS may be restricted by OFAC requirements. You can design to minimise friction where legally possible — keep documentation and code assets publicly accessible without account creation.