Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What would be the required budget to host an alternative registry? I'm surprised any GAFAM still hasn't stepped-in and started building their alternative, at least for NPM to up its game in order not to become completely irrelevant.


at amazon, they maintain a private internal registry of packages with approved licenses and audits. this has been in place for several years. i assume other big corps enforce similar policies


Do you know if they are using any product like JFrog for this or rolling their own?


This is Amazon, the company where the stuff they rolled their own now makes more money than the business it was rolled for: https://aws.amazon.com/codeartifact/


If your company not running an internal proxy at minimum you're stupid - you have no audit function for what libraries are being pulled.


Not every company has tons of available funds to run 300 different internal services to "protect" itself.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: