davidpfarrell
4 months ago
on: Pnpm has a new setting to stave off supply chain a...
Wow, so couldn't said security co's establish their own registry that we could point to instead, where packages would only get updated after they reviewed and approved them?
I mean, I'd prolly be okay paying a yearly fee for access to such a registry.
davidshepherd7
4 months ago
IIUC, Chainguard is this, but only for Python, Java, and Docker images so far.
https://www.chainguard.dev/libraries
getcrunk
4 months ago
I think it would be a no-brainer for npm to offer this, but idk why they haven't.
phatfish
4 months ago
Probably because they would expose themselves legally? Not sure what the current situation is exactly, but I assume it's "at your own risk".