Anthropic/OpenAI could own this space. They should offer a paid service that offers a mirror with LLM-scanned and sandbox-evaluated packages with their next-gen models. Free for individuals, orgs can subscribe to it.
Judging by curl shutting down its bug bounty program due to AI slop, a likely outcome would be that this mirror has no packages because they are all blocked by false positives.
Own what space?
Detecting properly written malicious code is undecidable. No amount of snake oil fixes that.
Genuinely cannot tell whether this is satire.
OpenAI just acquired Astral who have an index service called pyx, so they would have a step up.
My understanding though is most corporations that take security seriously either build everything themselves in a sandbox, or use something like JFrog's Artifactory with various security checks, and don't let users directly connect to public indexes. So I'm not sure what the market is.