Can NPM, pnpm etc. use frontier models to check packages for malware?

5 points by VikRubenfeld 9 days ago | 4 comments

Just a thought. This seems like something that should happen

twunde 9 days ago |

This is essentially what some 3rd party vendors do, which is why supply chain malware is typically found in hours now and not weeks.

The reason why npmjs, pypy and other public registries don't do this is because it would likely 10x+ the cost of their infrastructure while not bringing in much new revenue. It's also potentially orthogonal to paint customers needs since it could likely lead to downtime or at least block new releases going out

benoau 9 days ago |

Surely Microsoft would already be doing this extensively across GitHub, NPM, NuGet etc...

SpyCoder77 9 days ago | |

Yes, users don't need copilot (the desktop version), they need to not get malware

lalsanhim 9 days ago |

Hii