As the developer of https://github.com/safedep/vet, I often get feedback from users that installing and setting up vet in CI/CD with custom policies takes time. A web page on which anyone can quickly see package security metadata is a good start for engineers to get new OSS packages approved internally.
vetpkg.dev is open source, developed at https://github.com/safedep/vetpkg.dev. It is a simple frontend over APIs that we built by aggregating public and private data sources on OSS package security and code analysis.
vetpkg.dev also aggregates data from our OSS package code analysis tool that we run on all new PyPI and npm packages to proactively detect malicious code.
I'd love to hear whether it helps you make decisions about adopting OSS packages quickly within your SDLC.