this post was submitted on 16 Apr 2026
Cool GitHub Projects
Available via the… wait for it
npm!
These supply chain attack tragic comedies write themselves. This time, we might become vulnerable to supply-chain attacks when we use a tool to prevent supply-chain attacks! Hilarious!
What happens if trustlock gets hacked? Could it have been built in a less vulnerable language perhaps? Unison, Rust, Haskell, etc.
Why Node.js? Go with what you know even when what you know is a vulnerable ecosystem and package manager.
P.S. If you’re going to write it with Claude Code, you might as well choose a better language. This begs to be forked because it’s a great idea. IMO, it is CRUCIAL to have your supply chain attack prevention run in as safe (and separate) an environment as possible.
yup. saw that javascript yellow at the languages bar and lost all further interest