A Git-native dependency admission controller. Evaluates trust signals on every dependency change and blocks commits or builds when packages fail your team's policy. Pre-commit hook + CI gate wi...
These supply chain attack tragic comedies write themselves. This time, we might become vulnerable to supply-chain attacks when we use a tool to prevent supply-chain attacks! Hilarious!
What happens if trustlock gets hacked? Could it have been built in a less vulnerable language perhaps? Unison, Rust, Haskell, etc.
Why Node.js? Go with what you know even when what you know is a vulnerable ecosystem and package manager.
PS. If you’re going to write it with Claude Code, you might as well choose a better language. This begs to be forked because it’s a great idea. IMO, it is CRUCIAL to have your supply chain attack prevention run in as safe (and separate) an environment as possible.
Available via the… wait for it…
npm!
Yup. Saw that JavaScript yellow at the languages bar and lost all further interest.