Show HN: Runtime and install-time enforcement for NPM dependencies
Category: security
Tags: supply-chain-security, npm-security, behavioral-enforcement
Score: 7.0/10 (Innovation: 6, Technical: 8, Documentation: 7, Utility: 7)
Kratex is an open-source tool that enforces security policies on Node.js dependencies at both install and runtime, blocking malicious behavior like credential exfiltration and lifecycle script abuse. It addresses the blind spot of static scanners by monitoring actual package behavior, offering content-based blocking without relying on known vulnerability databases.
Target audience: backend devs, devops, security engineers
Repository: https://github.com/kratex-security/kratex · TypeScript · Apache-2.0 · 1 star