1 point by rndhouse 2 hours ago | 1 comment
  • rndhouse 2 hours ago
    Hello,

    The goal of Thirdpass as a service is to coordinate the collaborative review effort necessary to lower software supply-chain risks.

    Multi-ecosystem support: crates.io, pypi.org, npmjs.com, and galaxy.ansible.com.

    Thirdpass should enable anyone to review by pointing their spare AI capacity at dependencies.

    Some thoughts over the years whilst working on this off and on:

    * A coordination node can add a lot of value.

    * It's difficult to motivate human reviewers.

    * A review which adds partial coverage is still valuable.

    * The supply-chain risk is not unique to JavaScript.

    This project started in 2021 and was recently revived. I've honestly had a lot of fun working on this. I'm looking for contributors to help build and review.

    I hope the community finds this valuable!

    https://github.com/thirdpass-org/thirdpass

    https://thirdpass.dev/