nine_k 4 hours ago
> comes out to ~$200 in tokens every time

BTW a curated mirror of <whatever ecosystem> packages, where every package is guaranteed to have been analyzed and tested, could be an easy sell now. Also relatively easy to create, with the help of AI. $200 every time is less pleasant than, say, $100/mo for the entire org. Docker does something vaguely similar for Docker images, for free though.
AgentME 4 hours ago (parent)
People are already scanning npm constantly. You can limit yourself to pre-scanned packages by setting npm's minimum release age setting to 1 or 2 days (a timeframe that all the recent high-profile malicious package versions were unpublished within).
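The same release-age gate applied outside the package manager, as an added example that is not part of this thread: it takes the `time` map from a registry packument (the sample here is constructed, not real registry data) and reports which versions are old enough to install, so the newest release can be held back while an older one still passes.

```python
from datetime import datetime, timedelta

# Constructed sample shaped like a registry packument's "time" field:
# version -> ISO-8601 publish timestamp, plus the "created"/"modified" keys.
SAMPLE_TIMES = {
    "created": "2024-01-10T12:00:00.000Z",
    "modified": "2024-03-02T09:30:00.000Z",
    "1.0.0": "2024-01-10T12:00:00.000Z",
    "1.0.1": "2024-02-20T08:00:00.000Z",
    "1.1.0": "2024-03-01T18:45:00.000Z",  # about one day before "now"
    "1.1.1": "2024-03-02T09:30:00.000Z",  # a few hours before "now"
}

def _parse(ts: str) -> datetime:
    # Registry timestamps end in "Z"; fromisoformat needs an explicit offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def eligible_versions(times: dict, min_age_days: float, now: datetime) -> dict:
    """Return {version: age_in_days} for versions at least min_age_days old."""
    cutoff = now - timedelta(days=min_age_days)
    ages = {}
    for version, ts in times.items():
        if version in ("created", "modified"):
            continue  # metadata keys, not versions
        published = _parse(ts)
        if published <= cutoff:
            ages[version] = (now - published).total_seconds() / 86400
    return ages

def newest_eligible(times: dict, min_age_days: float, now: datetime):
    """Most recently published version that clears the age gate, or None."""
    ages = eligible_versions(times, min_age_days, now)
    if not ages:
        return None
    return min(ages, key=lambda v: ages[v])  # smallest age = newest

if __name__ == "__main__":
    now = _parse("2024-03-02T12:00:00.000Z")  # fixed "now" for the sample
    for days in (2, 0.5):
        print(f"min age {days}d -> install {newest_eligible(SAMPLE_TIMES, days, now)}")
```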