alt.hn

7/1/2026 at 8:51:47 PM

Show HN: CLI that helps AI agents avoid vulnerable dependencies

https://github.com/clidey/deptrust

by modelorona

7/3/2026 at 1:15:38 PM

I use Aikido safe chain, how does this compare? https://www.npmjs.com/package/@aikidosec/safe-chain

by brianjking

7/3/2026 at 1:24:41 PM

From what I see, Aikido safe chain wraps the actual executable for npm, pnpm, pip, etc. with a proxy server that intercepts the requests to it and checks them.

deptrust does not wrap any executable and queries the advisory and package information directly. My goal with it was more focused on using it in Claude Code/Codex.

by modelorona

7/3/2026 at 12:03:58 AM

If this was a Claude plugin with a hook on my dep files, I'd be in.

by scottcodie

7/3/2026 at 9:05:25 AM

I've added a hook that can be installed for Claude and Codex.

by modelorona

7/4/2026 at 8:35:11 AM

[dead]

by pgsql-dev