Show HN: TimeLock NPM Registry https://ift.tt/9ukx5m7

Hi, everyone! I built a TimeLock NPM Registry to prevent supply chain attacks. I was inspired by pnpm's minimumReleaseAge, but I'm using bun for my projects.

TimeLock NPM Registry is an alternative npm package registry focused on supply chain security. Its core feature is a time lock that is applied before new package versions become available for installation. This protects developers from compromised releases: while packages are "on hold," the community and security tools have time to detect and block malicious code.

Why it matters

- Reduces the risk of installing malicious packages.
- Lets you "wait out" 24 hours or more before updating.
- Increases trust in dependencies and builds.

How it works

1. A package author publishes a new version.
2. TimeLock NPM Registry places it into a pending state for a set duration (e.g., 24 hours).
3. Only after the timer expires does the package become available for installation.

Tech stack: Cloudflare Workers, Honojs.

https://ift.tt/gNyfZM8

October 2, 2025 at 04:11AM
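
The "How it works" steps above, sketched as an added example (not the TimeLock project's code): a filter that a registry proxy could apply to npm package metadata before returning it to a client. It assumes the standard npm packument fields `versions`, `time` and `dist-tags`; `applyTimeLock`, `SAMPLE` and the package data are hypothetical and constructed.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Added example: return a copy of an npm packument with versions younger
// than minAgeMs hidden. Function name and sample data are hypothetical.
function applyTimeLock(packument, nowMs, minAgeMs = DAY_MS) {
  const allTimes = packument.time || {};
  const versions = {};
  const time = {};
  for (const key of ["created", "modified"]) {
    if (allTimes[key]) time[key] = allTimes[key];
  }
  for (const [version, manifest] of Object.entries(packument.versions || {})) {
    const publishedMs = Date.parse(allTimes[version]);
    // Fail closed: a missing, unparseable or future timestamp keeps it pending.
    if (Number.isNaN(publishedMs) || nowMs - publishedMs < minAgeMs) continue;
    versions[version] = manifest;
    time[version] = allTimes[version];
  }
  // Most recently published version that has cleared the lock (simplification:
  // ignores semver ordering and prerelease status).
  const newest = Object.keys(versions)
    .sort((a, b) => Date.parse(time[a]) - Date.parse(time[b]))
    .pop();
  const distTags = {};
  for (const [tag, version] of Object.entries(packument["dist-tags"] || {})) {
    if (Object.hasOwn(versions, version)) distTags[tag] = version;
    else if (tag === "latest" && newest) distTags[tag] = newest;
  }
  return { ...packument, versions, time, "dist-tags": distTags };
}

// Constructed sample metadata for a hypothetical package.
const SAMPLE = {
  name: "example-pkg",
  "dist-tags": { latest: "1.2.0", next: "1.3.0" },
  versions: {
    "1.0.0": { version: "1.0.0" },
    "1.1.0": { version: "1.1.0" },
    "1.2.0": { version: "1.2.0" },
    "1.3.0": { version: "1.3.0" }, // no entry in `time`, so it stays pending
  },
  time: {
    created: "2025-09-01T00:00:00.000Z",
    "1.0.0": "2025-09-01T00:00:00.000Z",
    "1.1.0": "2025-09-20T00:00:00.000Z",
    "1.2.0": "2025-10-01T20:00:00.000Z",
  },
};
const NOW = Date.parse("2025-10-02T04:11:00.000Z");
console.log(applyTimeLock(SAMPLE, NOW)["dist-tags"]);
```

Filtering metadata alone is not enough for a registry that also serves tarballs: requests for a pending version's tarball need the same age check, since a client can ask for a version directly.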
