HN Showcase
Back to browse
GitHub Repository

Install-time package hardening for pip, npm, cargo, go, gem, and Docker. Docker-first isolation. Zero dependencies.

1 starsPython

Safe-install – Docker-first install-time hardening for pip and NPM

by khaeldur·Mar 24, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidBig BrainNiche Gem

Dockerizes pip builds to stop credential theft during install.

Strengths
  • Docker isolation prevents build scripts from accessing host SSH keys or env vars.
  • Heuristic scanning flags suspicious exfiltration patterns in setup.py before install.
  • Honest README clearly lists limitations like import-time attacks and binary blobs.
Weaknesses
  • Cargo, Go, and Gem adapters are experimental; only pip and npm are mature.
  • Cannot detect malicious code in compiled wheels or obfuscated import-time payloads.
Category
Security
Target Audience

Security-conscious developers, DevOps engineers

Similar To

Snyk · Sonatype IQ · pip-audit

Similar Projects

Security●●●Banger

NPM install is a security hole, so we built a guard for it

Blocks malicious packages at install-time before AI agents execute them on your machine.

Big BrainSolve My Problem
Sahil121
102mo ago
Security●●Solid

New NPM Supply chain Attack?

Docker isolation + tcpdump catches malicious npm installs before they touch your machine.

Solve My ProblemBig Brain
adamgonda
2024d ago