Hacker News
Show HN: DepsGuard — One Command to Harden npm/pnpm/yarn/bun/uv Against Supply Chain Attacks
Arnica released DepsGuard, an MIT-licensed CLI tool that scans npm, pnpm, yarn, bun, and uv configs against supply chain security best practices and can apply fixes interactively. It also checks Renovate and Dependabot configs. Motivated by the March 2026 axios compromise where a hijacked maintainer account published malicious versions — configs with 7-day minimum release age would have blocked the attack. 34 points on HN.
↳ Follow the thread