Show HN: Pqurp – Quarantine Window for Packages to Prevent Supply Chain Attacks
Category: security
Tags: supply-chain-security, package-management, protocol
Score: 5.0/10 (Innovation: 7, Technical: 3, Documentation: 5, Utility: 5)
Pqurp proposes a quarantine window protocol for package registries to prevent supply chain attacks by delaying distribution of new releases, while allowing urgent security fixes with user opt-in. It addresses a real security gap in package management but is currently a draft spec with no implementation.
Target audience: security engineers, package maintainers, registry operators
Repository: https://github.com/melbahja/draft-pqurp