Show HN: Safe-install – safer NPM installs with trusted build dependencies
Category: security
Tags: npm, security, supply-chain, install, typescript
Score: 4.8/10 (Innovation: 4, Technical: 4, Documentation: 6, Utility: 5)
Safe-install provides a wrapper around npm install that disables lifecycle scripts by default and only runs them for explicitly trusted dependencies, addressing a known supply-chain security concern. It offers a practical incremental improvement over manual ignore-scripts configuration, making the trust decision explicit and version-controlled.
Target audience: backend devs, devops
Repository: https://www.npmjs.com/package/@gkiely/safe-install · JavaScript · MIT