Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We’re using an internal package repository that acts as a gateway to the public package repositories, except it can have custom rules such as “min release age 30 days”, and can also give logs about which projects have actually downloaded a specific version.

It’s so much overhead and auditing to enforce compliance across the thousands of node microservices though.



That’s a great idea. Maybe use Claude Code with some owasp knowledge to sweep through them and see if there’s anything obvious?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: