Show HN: Computer Police – block malicious NPM/pip installs locally (computer.police.dev)
A couple of months ago, our team got hit by the first version of Shai-Hulud through a random `npm install`. We didn't catch it until it was too late.
I built Computer Police for our team to never be in this situation again.
It's designed to block that earlier. It runs a local registry proxy between your package manager and npm/PyPI, and stops confirmed-malicious packages before they touch disk.
It's deliberately narrow: malware only, no CVE scanning, no heuristics, no telemetry, no root, and removable with one command. Works locally, in CI, and in agent sandboxes.
1 comment
[ 3.3 ms ] story [ 10.0 ms ] thread