HN Showcase
Back to browse
Computer Police – block malicious NPM/pip installs locally

Computer Police – block malicious NPM/pip installs locally

by kannthu·May 21, 2026·1 point·2 comments
Visit ProjectView on HN

AI Analysis

●●SolidSolve My ProblemDark Horse

Local proxy blocking malware installs before they touch disk.

Strengths
  • Intercepts installs at network layer before execution or disk write.
  • Works with any agent (Claude Code, Cursor) without configuration changes.
Weaknesses
  • Only blocks known OSV-listed malware, not zero-day threats.
  • Requires modifying package manager config to point to local proxy.
Category
Security
Target Audience

Developers using AI coding agents

Similar To

Socket.dev · Snyk · npm audit

Post Description

A couple of months ago, our team got hit by the first version of Shai-Hulud through a random `npm install`. We didn't catch it until it was too late.

I built Computer Police for our team to never be in this situation again.

It's designed to block that earlier. It runs a local registry proxy between your package manager and npm/PyPI, and stops confirmed-malicious packages before they touch disk.

It's deliberately narrow: malware only, no CVE scanning, no heuristics, no telemetry, no root, and removable with one command. Works locally, in CI, and in agent sandboxes.

https://computer.police.dev/

Similar Projects

Security●●●Banger

NPM install is a security hole, so we built a guard for it

Blocks malicious packages at install-time before AI agents execute them on your machine.

Big BrainSolve My Problem
Sahil121
102mo ago