| ▲ | Can NPM, pnpm etc. use frontier models to check packages for malware? | |||||||
| 4 points by VikRubenfeld 8 hours ago | 4 comments | ||||||||
Just a thought. This seems like something that should happen | ||||||||
| ▲ | twunde 5 hours ago | parent | next [-] | |||||||
This is essentially what some 3rd party vendors do, which is why supply chain malware is typically found in hours now and not weeks. The reason why npmjs, pypy and other public registries don't do this is because it would likely 10x+ the cost of their infrastructure while not bringing in much new revenue. It's also potentially orthogonal to paint customers needs since it could likely lead to downtime or at least block new releases going out | ||||||||
| ▲ | benoau 8 hours ago | parent | prev | next [-] | |||||||
Surely Microsoft would already be doing this extensively across GitHub, NPM, NuGet etc... | ||||||||
| ||||||||
| ▲ | lalsanhim 8 hours ago | parent | prev [-] | |||||||
Hii | ||||||||