Show HN: Computer Police – block malicious NPM/pip installs locally (opens in new tab)

(computer.police.dev)

1 pointskannthu4d ago1 comments

A couple of months ago, our team got hit by the first version of Shai-Hulud through a random `npm install`. We didn't catch it until it was too late.

I built Computer Police for our team to never be in this situation again.

It's designed to block that earlier. It runs a local registry proxy between your package manager and npm/PyPI, and stops confirmed-malicious packages before they touch disk.

It's deliberately narrow: malware only, no CVE scanning, no heuristics, no telemetry, no root, and removable with one command. Works locally, in CI, and in agent sandboxes.

https://computer.police.dev/

1 comments

hootz4d ago

Interesting. How long does it usually take for an attack to be identified and catalogued at OSV? Should this be used together with minimum release date?

j / k navigate · click thread line to collapse