1 comment

[ 1.8 ms ] story [ 9.8 ms ] thread
Interesting thought from https://twitter.com/d_scho/status/1419752750351540231

> Isn‘t dependabot doing the same, basically?

with a response in the thread at https://twitter.com/solidnerd/status/1420307219745230850

> Dependabot / renovate only checking for version updates of your programm deps. Package Hunter analyze a program's deps for unexpected behavior (mal code) by installing the dependencies in a sandbox env and monitors system calls executed during the installation.

Package Hunter requires Falco, Docker and NodeJS to run, following the instructions at https://gitlab.com/gitlab-org/security-products/package-hunt... - give it a try :)