Show HN: Computer Police – block malicious NPM/pip installs locally (computer.police.dev)

1 points by kannthu ↗ HN
A couple of months ago, our team got hit by the first version of Shai-Hulud through a random `npm install`. We didn't catch it until it was too late.

I built Computer Police for our team to never be in this situation again.

It's designed to block that earlier. It runs a local registry proxy between your package manager and npm/PyPI, and stops confirmed-malicious packages before they touch disk.

It's deliberately narrow: malware only, no CVE scanning, no heuristics, no telemetry, no root, and removable with one command. Works locally, in CI, and in agent sandboxes.

https://computer.police.dev/

1 comment

[ 3.3 ms ] story [ 10.0 ms ] thread
Interesting. How long does it usually take for an attack to be identified and catalogued at OSV? Should this be used together with minimum release date?