Ask HN: Securing Pip and NPM package use?

1 points by giantg2 ↗ HN
Does anyone use a scanning utility to check packages for security issues? Like proxying the request through a utility that will provide some scanning before returning it.

1 comment

[ 2.8 ms ] story [ 13.0 ms ] thread
This might not be exactly what you meant or wanted, but I use OpenSnitch, which alerts me about all new connections. I also use temporary disposable virtual machines in QubesOS to isolate those kinds of activities from my more vulnerable systems.