Can NPM, pnpm etc. use frontier models to check packages for malware?
4 pointsby VikRubenfeld7 hours ago3 comments
  • twunde4 hours ago
    This is essentially what some 3rd party vendors do, which is why supply chain malware is typically found in hours now and not weeks.

    The reason why npmjs, pypy and other public registries don't do this is because it would likely 10x+ the cost of their infrastructure while not bringing in much new revenue. It's also potentially orthogonal to paint customers needs since it could likely lead to downtime or at least block new releases going out

  • benoau7 hours ago
    Surely Microsoft would already be doing this extensively across GitHub, NPM, NuGet etc...
    • SpyCoder772 hours ago
      Yes, users don't need copilot (the desktop version), they need to not get malware
  • lalsanhim7 hours ago
    Hii