Show HN: DepsGuard – one command to harden NPM/pnpm/yarn/bun/uv configs
Category: security
Tags: supply-chain-security, cli-tool, rust, nodejs, package-manager
Score: 6.5/10 (Innovation: 5, Technical: 6, Documentation: 8, Utility: 7)
DepsGuard is a cross-platform Rust CLI tool that scans the configuration files of several JavaScript/Node.js package managers (npm, pnpm, yarn, bun) and of Python's uv and hardens them against supply-chain attacks. It provides an interactive TUI in which the user reviews each proposed security-focused configuration change before applying it, and it backs up the original file automatically first. Hardening package-manager settings is a recurring need in software supply-chain security, and covering five managers from one command is the tool's main selling point.
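As an added example (not DepsGuard's code; the page does not list which settings the tool actually changes), here is the kind of edit such a tool makes to an npm project's `.npmrc`: snapshot the file, then set `ignore-scripts=true` (lifecycle scripts such as `postinstall` are the usual way a malicious dependency runs code at install time) and `save-exact=true` (new dependencies are recorded with exact versions instead of ranges). The key names are real npm config keys; the function names `harden_npmrc` and `set_key` and the backup naming scheme are assumptions of this example.

```shell
#!/bin/sh
# Added example, not DepsGuard's own code. Backs up a .npmrc and applies
# two supply-chain-hardening keys idempotently (re-running does not
# duplicate lines). Which keys DepsGuard itself sets is an assumption here.

# set_key FILE KEY VALUE: rewrite an existing "KEY=..." line or append one.
set_key() {
  file=$1; key=$2; value=$3
  if grep -q "^${key}=" "$file"; then
    # Write to a temp file and rename, so an interrupted run cannot leave
    # the original truncated.
    sed "s|^${key}=.*|${key}=${value}|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

# harden_npmrc FILE: create FILE if missing, copy it to FILE.bak.<epoch>,
# then apply the hardening keys. Prints the backup path.
harden_npmrc() {
  file=$1
  [ -f "$file" ] || : > "$file"
  backup="$file.bak.$(date +%s)"
  cp -p "$file" "$backup"
  # Lifecycle scripts are the main install-time code-execution vector.
  set_key "$file" ignore-scripts true
  # Exact versions: a later, possibly compromised release is not pulled
  # in just because it satisfies a range.
  set_key "$file" save-exact true
  echo "$backup"
}

# Usage: ./harden_npmrc.sh ./.npmrc  (no-op when run without an argument,
# so the functions can also be sourced).
if [ -n "${1-}" ]; then
  harden_npmrc "$1"
fi
```

`ignore-scripts=true` also skips scripts your own project legitimately needs (native addons, for example), so the resulting diff should be reviewed rather than committed blindly; with the project's `.npmrc` at the bottom of npm's precedence order (command line and environment win), a `.npmrc` edit is a default, not an enforcement boundary.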
Target audience: backend devs, devops, security engineers
Repository: https://github.com/arnica/depsguard · Rust · MIT · 122 stars