Computer Police - 惯性聚合

推荐订阅源

IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog

Privacy & Cybersecurity Law Blog

Threat Intelligence Blog | Flashpoint

宝玉的分享

Proofpoint News Feed

Help Net Security

Visual Studio Blog

阮一峰的网络日志

人人都是产品经理

Know Your Adversary

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

Recorded Future

罗磊的独立博客

The Exploit Database - CXSecurity.com

Blog — PlanetScale

Tor Project blog

Vulnerabilities – Threatpost

Stack Overflow Blog

Future of Privacy Forum

The Hacker News

博客园 - 【当耐特】

CXSECURITY Database RSS Feed - CXSecurity.com

Threat Research - Cisco Blogs

Cisco Talos Blog

博客园 - 三生石上(FineUI控件)

Last Week in AI

CTFtime.org: upcoming CTF events

MIT News - Artificial intelligence

Darknet – Hacking Tools, Hacker News & Cyber Security

The Cloudflare Blog

The GitHub Blog

博客园 - 聂微东

Full Disclosure

CERT Recently Published Vulnerability Notes

Hacker News: Show HN

Show HN: From one Claude agent to a fleet – in five small steps Show HN: Canonry tracks how AI cites you – agent-first, open source Sound Test Online – Check Speakers & Headphones Slick – Fast, Private, and Reliable Search GitHub - securient/ideviewer-oss: Security scanner for developer workstations — detects IDE extension risks, AI tool permissions, plaintext secrets, and vulnerable dependencies across VS Code, Cursor, JetBrains, and more. Show HN: Agent.email – sign up via curl, claim with a human OTP ClarityHoop | Executive Communication Mastery Show HN: Write your BPF programs in Go, not C GitHub - Userfrom1995/benchd: BenchD is a browser-based CPU benchmark that runs fully on the client. GitHub - LeoStehlik/proof-loop: Repo-local verification protocol for AI coding agents: acceptance criteria, separate verifier roles, proof artifacts, and evidence-backed done claims. Show HN: Free One-shot cloud agents with OpenCode and Daytona and Cloudflare npmfind Parseflow Segment Tree — Algorhythm GitHub - verdverm/pge-jax: Jax implementation of the PGE algorithm (Prioritized Grammar Enumeration) Show HN: GitVitae – Free hosted portfolio and resume for anyone GitHub - wavever/buildby: Detect whether desktop apps are built with Electron, Flutter, Tauri, Qt, .NET, JVM, CEF, or native code. boku — YAML task runner Show HN: Darc – grep-like memory search tool for coding agents Mixpanel Headless - Mixpanel Docs Show HN: A demo video of Effected Keyboard 2 Introducing Open Public awesome-skills/gtm-mavericks at main · conductor-oss/awesome-skills Show HN: ATM, a tiny terminal task manager for local coding agents Freenet Workspace Show HN: AI Manager Show HN: SubTrack – Find forgotten subscriptions via bank transaction scanning Show HN: We dropped Go for Rust in our real-time telephony AI media plane Show HN: I Dedicated 4 Years to Mastering Offline Password Cracking Home — Noada Show HN: I Made a Claude Skill for SDD Show HN: Twixt – transform one word into another in four moves Show HN: Daily word puzzle game based on polysemy GoKubeDownscaler: Reduce Kubernetes Costs Off-Hours GitHub - openclaw-easy/ViralMint: Open-source viral content pipeline — scout trends, analyze competitors, generate AI videos, auto-publish. AGPL-3.0. GitHub - baidu-baige/LoongForge: A modular, scalable, high-performance training framework for LLMs, VLMs, diffusion, and embodied models. Show HN: (Better) Chrome Tab Manager Show HN: SoMatic – Vision-based OS automation framework for AI agents Physics AI – Free Physics Solver Online (Step-by-Step) SUPPLYCHAIN.FAIL — Open Source Vulnerability Timeline PocketWebTools GitHub - mirshko/boatswain: A macOS menu bar app for Fathom Analytics. Keep an eye on your site stats without ever leaving your keyboard. What does your investment actually buy? — Post-Money SAFE Calculator GitHub - vipulawl/claude-tips: Customize Claude Code spinner tips with live jokes, quotes, facts, or your own content GitHub - changespec/spec: ChangeSpec: open specification for software change communication Show HN: I built a private, manual 0% balance transfer tracker 3.125-Bit LLM quantization bypassing tensor cores Medical curiosities | Thomas Morris FlutterTime ~ Timezone Planner Steam 上的 Junebug GitHub - Helvesec/rmux: Universal Rust multiplexer with a typed SDK — drive any CLI or TUI app from code. Native on Linux, macOS, and Windows. GitHub - manas15/try-on: LiveLook — Real-time virtual try-on with gesture control, powered by Decart's Lucy VTON model GitHub - vitalysim/the-knowledge-guy: Turn any PDF or EPUB into a structured Claude Code skill - then ask your whole bookshelf a single question. Gemini Omni Flash AI Video Generator | Free Online GitHub - elliotgao2/handsets: A high-performance Android control CLI, built for agents and humans GitHub - enzoferraripapa-arch/ai-vprocess-ops: Engineering memory for AI coding agents: requirements, decisions, evidence, traceability, and V-process/ALM handoff Show HN: Dokkaebi – Run your WASM backend directly on the client side Send messages beyond your lifetime SkinMax App | Your Personal Skin Care Coach GitHub - kmdupr33/fks2g: A CLI for generating LLM-backed metrics for deciding how closely to review code ISS QuietGPT - Make ChatGPT Reply Smaller GitHub - Quintisimo/macfigure: Mac configuration in pkl. Simple alternative to nix-darwin Show HN: SafeRun – Replay debugging and inline prevention for AI agents 3 GitHub - sathvikc/agent-chat-bridge: Turn any AI agent chat session into an async agent. Register a timer, shell command, or webhook — the bridge automatically resumes the session with your prompt when the trigger fires. SnapAPI - Website Screenshot & Data Extraction API Introducing @cipherstash/stack Show HN: E2E Encrypted Terminal Screen Share Windows 98½ Show HN: SafeRun – Replay debugging and inline prevention for AI agents 2 Show HN: My custom Statusline for Claude Code (Python wrapper around claudeline) GitHub - kageroumado/phosphene: A video wallpaper engine for macOS Tahoe Best Remote Jobs — Work From Home | RemoteJobs.place udoc Free AI Rewriter - Revise GitHub - arashThr/hugo-flow: Simple rich-text CMS for Hugo weblogs. Try at https://hugo.arashtaher.com GitHub - light-cloud-com/ice: Free, open-source, visual studio for cloud infrastructure for macOS, Windows & Linux. GitHub - kouhxp/yapsnap: Snap any video URL or audio file into plaintext. No GPU. No cloud. One command. What if we made SIMA2 from Temu iPhone 版“Today” - App Store Runo - Web Scraping API | Any URL to Typed JSON Show HN: AI Editor for Websites GitHub - AdamGonda/ward: Run [ npm i ] safely, audit installs inside a docker container. The Crucible — 8 voices, one verdict Screenshot 2026 05 20 at 4 03 10 PM — Postimages Show HN: Chess Puzzles, but for Developers Show HN: I built Istanbul live transit map Show HN: Agent.email – sign up via curl, claim with a human OTP GitHub - mfairley/expo-callkit-telecom: 📞 CallKit + Core-Telecom for React Native + Expo. A modern react-native-callkeep alternative. I tried 4 LLM speedup techniques on CPU. Three made it slower. Show HN: I made a tool for learning scales, chords, and how to combine them Learn how to build AI products through practice 1 BTC = 17.17 troy oz of gold · Bitcoin Weigh-In p-Hacker — top trending Client Challenge hty GitHub - Artain-AI/ignite-ms: Fast self-hosted embedding engine for search, RAG, and reindexing workloads on NVIDIA GPUs. Built in Rust + TensorRT for teams that care about scale, cost, and control. GitHub - mupt-ai/dari-docs: optimize your documentation through fleets of agents GitHub - dcostenco/prism-coder: The Mind Palace for AI Agents - HIPAA-hardened Cognitive Architecture with on-device LLM (prism-coder:7b), Hebbian learning, ACT-R spreading activation, adversarial evaluation, persistent memory, multi-agent Hivemind and visual dashboard. Zero API keys required.

Computer Police

kannthu · 2026-05-22 · via Hacker News: Show HN

A LOCAL SUPPLY-CHAIN FIREWALL

Stop agents from installing malware.

Computer Police is a local registry proxy that blocks confirmed-malicious npm and pip installs before they touch your disk. For developers, CI, and coding agents.

curl -fsSL https://computer.police.dev/install | bash
computer-police install

Open source · MIT · macOS, Linux, Windows · by Vidoc Security

Registries

npm · pypi · others

Inspect install request

Match against OSV malware feed

Block · pass through · log

Claude Code

Codex

OpenCode

Your shell

Every npm install, pip install, or uv add from any of these routes through Computer Police first.

THE PROBLEM

Why this exists.

01
Agents install packages you never reviewed.

Claude Code, Codex, Cursor, OpenCode, custom harnesses — they all call npm install and pip install on your behalf, dozens of times a day. You see the diff after the fact, if at all.
02
Real malware ships on real registries, weekly.

npm and PyPI publish malicious packages on a steady cadence. Typosquats, hijacked maintainers, dependency-confusion. The window between publication and detection is small — but it is wide enough to compromise a laptop.
03
Existing tools run too late.

Audits, lockfile scans, and CVE dashboards see the package after it is already on disk and possibly already executed via a lifecycle script. The block has to happen at install time.

WHO IT'S FOR

Built for three jobs.

Developers using AI coding agents

You let Claude Code, Codex, Cursor, or OpenCode install whatever it needs. You want a safety net that does not slow you down or cry wolf.

CI/CD operators

Every PR runs npm ci, pip install, or uv sync. You want supply-chain protection without changing the build.

Teams running agent sandboxes

Devcontainers, remote VMs, GitHub Actions runners. Bake protection into the image once and forget about it.

HOW IT WORKS

Three steps. No agent changes.

1. Install

One curl command. No root, no kernel extension, no system proxy.
```
curl -fsSL https://computer.police.dev/install | bash
```
2. Enable

Points your package managers at 127.0.0.1:4873. Reversible.
```
computer-police install
```

3. Forget about it

Allowed installs pass through. Confirmed malware gets a 403.

$ npm install some-known-malicious-package@1.2.3
npm error code E403
npm error 403 403 Forbidden - GET http://127.0.0.1:4873/...
npm error 403 blocked by computer-police: OSV MAL-2026-XXXX

$ computer-police ledger list --limit 3
15:27  bun   left-pad                  CAUGHT
15:25  npm   @playwright/mcp           BLOCK
15:22  npm   react                     OK

DESIGN GOAL

Low noise. One job.

Not a vulnerability scanner.
Not a license scanner.
Not a static analyzer.
Not a "this package looks suspicious" heuristic.

If Computer Police blocks an install, the package version is already listed as malware by a public OSV advisory. No noise, no false alarms.

PRIVACY & TRUST

Local-first by design.

Everything runs on your machine. The only outbound network call is fetching the public OSV malicious-package advisory snapshot. No telemetry. No analytics. No package names, lockfiles, or install history leaving your machine.

Open source · MIT No root required Reversible Zero external Go deps

COVERAGE

Works with your stack.

Status	Ecosystem	Package managers
Supported	JavaScript · TypeScript · Node	`npm` · `yarn` · `pnpm` · `bun`
Supported	Python / PyPI	`pip` · `uv` · `poetry` · `pdm` · `pipx`
Planned	Conda, Ruby, PHP, Rust, Go, JVM, .NET	See roadmap

Install Computer Police.

One curl. Safe to try. Removable with computer-police uninstall.

curl -fsSL https://computer.police.dev/install | bash
computer-police install

GitHub repository · Latest release · Security disclosures

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。