Can NPM, pnpm etc. use frontier models to check packages for malware?

5 points by VikRubenfeld 7 days ago · 4 comments · 1 min read


Just a thought. This seems like something that should happen.

twunde 7 days ago

This is essentially what some 3rd party vendors do, which is why supply chain malware is typically found in hours now and not weeks.

The reason why npmjs, PyPI and other public registries don't do this is because it would likely 10x+ the cost of their infrastructure while not bringing in much new revenue. It's also potentially orthogonal to paying customers' needs since it could likely lead to downtime or at least block new releases going out.

benoau 7 days ago

Surely Microsoft would already be doing this extensively across GitHub, NPM, NuGet etc...

  • SpyCoder77 7 days ago

    Yes, users don't need Copilot (the desktop version), they need to not get malware.

lalsanhim 7 days ago

Hii
