Security●●Solid
I built a Cargo supply chain auditor using Claude and GitHub Actions
Tarball diffing plus Claude analysis catches build.rs backdoors cargo-audit misses.
Big BrainSolve My Problem
T-RN-R
302mo ago
Back to browse
GitHub Repository
yoink is an AI agent that removes complex dependencies by reimplementing only what you need.
33 starsPython
Yoink functionality from dependencies and avoid supply chain attacks
by kstonekuan·Apr 5, 2026·3 points·0 comments
AI Analysis
●●SolidBig BrainBold Bet
Reimplements dependency functions locally with test verification, challenging the "dependencies are good" mantra.
Strengths
- •Curating tests against original expectations before rewriting ensures strict behavioral parity locally.
- •Three-step agent workflow separates scaffolding, testing, and decomposition steps very cleanly.
- •Reduces attack surface significantly by removing opaque third-party code dependencies entirely.
Weaknesses
- •AI-generated replacements likely lack edge-case handling found in mature battle-tested libraries.
- •Maintenance burden shifts entirely to you when upstream fixes security bugs.
Category
Target Audience
Backend developers concerned about supply chain security
Similar To
Cursor · Snyk · Codemod
Post Description
yoink is a Claude Code plugin that removes complex dependencies from your codebase by reimplementing only the functions you actually use.
yoink runs as a three-step, agent skills-based workflow:
1. /setup clones the target repo and scaffolds a replacement package.
2. /curate-tests generates tests verified against the original's expectations.
3. /decompose determines dependencies to keep or decompose based on principles such as "keeping foundational primitives regardless of how narrow they are used".
We built yoink in response to the five major supply chain attacks that happened in two weeks, including LiteLLM and axios. We install most of these packages without thinking twice.
Andrej Karpathy recently called for re-evaluating the belief that "dependencies are good". OpenAI echoed this in their harness engineering article: agents reason better from reimplemented functionality they have full visibility into, over opaque third-party libraries.
yoink makes this capability accessible to anyone.
Refer to the GitHub repo to install the plugin to Claude Code: https://github.com/theogbrand/yoink
Love to hear what you think!
Similar Projects
Security●Mid
Pqurp – Quarantine Window for Packages to Prevent Supply Chain Attacks
Speculative protocol for package quarantine without a reference implementation or registry buy-in.
Bold Bet
exec7
501mo ago
Security●●Solid
Pytest tests catching Python supply chain attacks (litellm .pth vector)
Catches .pth injection vectors from the litellm attack when Snyk and Dependabot miss them.
Dark HorseSolve My Problem
qualitymax
202mo ago
Security●●Solid
Scanner to check if you are affected by the axios supply chain attack
Forensic triage CLI with verdict system for axios IOC detection.
Solve My ProblemShip It
aeneas_ory
202mo ago
Developer Tools●●Solid
Rainy Updates – local-first dependency and supply-chain review for CI
Deterministic dependency review with cross-stack scanning, but Dependabot, Snyk, and Renovate dominate CI dependency automation.
Big BrainNiche Gem
ferxalb
113mo ago
Security●Mid
I built an AI-agent skill to audit supply-chain attack exposure
Dependabot already does this without the AI agent overhead.
Ship It
WasimBhai
1020d ago