Package Managers need global hooks
5 days ago
- #security
- #package-manager
- #hooks
- Proposal for package managers to support global hooks to enhance security and automate defenses.
- Current countermeasures include dependency cooldowns, install policies, and package-management firewalls, each with limitations.
- Global hooks would allow custom checks, like malware scanning or policy enforcement, at various workflow stages.
- Existing hook systems (e.g., in pnpm, Paru, yay) are limited (per-workspace or not globally configurable).
- Call to action: Developers should request global hook support from their package managers (examples provided for pnpm, uv).
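The kind of check a global hook would make possible, as an added example that is not from the post or from any package manager: a pre-install hook that receives the resolved package set and enforces a dependency cooldown, a denylist, and a restriction on packages that ship install-time lifecycle scripts. The hook interface (a JSON document on stdin), the field names, and the sample package records are all constructed assumptions for the illustration; the publish timestamp is assumed to be available from the registry metadata.

```python
"""Pre-install policy hook (added example; interface and data are assumed).

A package manager with global hooks could run this before any install and
abort when the hook returns a non-zero status. Nothing here is tied to a
real package manager's hook API.
"""
import json
import sys
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List, Tuple


@dataclass
class Package:
    name: str
    version: str
    published: datetime        # registry upload time (assumed to be exposed to the hook)
    install_scripts: bool      # package declares install-time lifecycle scripts


@dataclass
class Policy:
    cooldown_days: int = 7                           # reject versions younger than this
    denylist: FrozenSet[str] = frozenset()           # names that must never be installed
    block_install_scripts: bool = True               # refuse install-time scripts by default
    allow_scripts_for: FrozenSet[str] = frozenset()  # explicit exceptions to the rule above


Finding = Tuple[str, str, str]  # (package, rule id, human-readable reason)


def parse_resolution(text: str) -> List[Package]:
    """Parse the (assumed) JSON the package manager hands to the hook."""
    records = json.loads(text)["packages"]
    return [
        Package(
            name=r["name"],
            version=r["version"],
            published=datetime.fromisoformat(r["published"].replace("Z", "+00:00")),
            install_scripts=bool(r.get("install_scripts", False)),
        )
        for r in records
    ]


def evaluate(packages: List[Package], policy: Policy, now: datetime) -> List[Finding]:
    """Return every policy violation; an empty list means the install may proceed."""
    findings: List[Finding] = []
    cooldown = timedelta(days=policy.cooldown_days)
    for p in packages:
        ident = f"{p.name}@{p.version}"
        if p.name in policy.denylist:
            findings.append((ident, "denylist", "package is on the organisation denylist"))
        age = now - p.published
        if age < cooldown:
            findings.append((ident, "cooldown",
                             f"published {age.days} day(s) ago, cooldown is {policy.cooldown_days}"))
        if (p.install_scripts and policy.block_install_scripts
                and p.name not in policy.allow_scripts_for):
            findings.append((ident, "install-scripts",
                             "declares install-time scripts and is not on the allow list"))
    return findings


def pre_install_hook(text: str, policy: Policy, now: datetime) -> Tuple[bool, List[Finding]]:
    """Hook entry point: (True, []) to allow, (False, findings) to block."""
    findings = evaluate(parse_resolution(text), policy, now)
    return (len(findings) == 0, findings)


# Constructed sample resolution, as the package manager might pass it to the hook.
SAMPLE_RESOLUTION = json.dumps({"packages": [
    {"name": "left-pad", "version": "1.3.0", "published": "2020-01-01T00:00:00Z"},
    {"name": "fresh-utils", "version": "0.0.2", "published": "2024-06-13T09:30:00Z"},
    {"name": "native-bindings", "version": "2.1.0", "published": "2023-11-02T12:00:00Z",
     "install_scripts": True},
    {"name": "totally-legit-lib", "version": "1.0.0", "published": "2024-06-14T18:00:00Z",
     "install_scripts": True},
]})

SAMPLE_POLICY = Policy(cooldown_days=7,
                       denylist=frozenset({"totally-legit-lib"}),
                       allow_scripts_for=frozenset({"native-bindings"}))

SAMPLE_NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed clock for the sample


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RESOLUTION
    ok, findings = pre_install_hook(text, SAMPLE_POLICY, datetime.now(timezone.utc) if text is not SAMPLE_RESOLUTION else SAMPLE_NOW)
    for ident, rule, reason in findings:
        print(f"BLOCK {ident}: [{rule}] {reason}")
    sys.exit(0 if ok else 1)
```

Run with no stdin to evaluate the embedded sample, or pipe in a resolution document; a non-zero exit is the signal the package manager would use to abort the install. Keeping the clock and the policy as explicit parameters makes the rules testable and avoids a hook whose verdict silently depends on the machine it runs on.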