Refuse

About

Refuse operates as a protective layer for npm, pip, cargo, gem, go, and over thirteen other package managers. It intercepts and blocks installations of known vulnerable packages before they are written to disk, precisely when you or your automated coding agent executes them. The tool is open source, can be self hosted, and runs within a single Docker container.