Hello,

The goal of Thirdpass as a service is to coordinate the collaborative review effort necessary to lower software supply-chain risks.

Multi-ecosystem support: crates.io, pypi.org, npmjs.com, and galaxy.ansible.com.

Thirdpass should enable anyone to review by pointing their spare AI capacity at dependencies.

Some thoughts over the years whilst working on this off and on:

* A coordination node can add a lot of value.
* It's difficult to motivate human reviewers.
* A review which adds partial coverage is still valuable.
* The supply-chain risk is not unique to JavaScript.

This project started in 2021 and was recently revived. I've honestly had a lot of fun working on this. I'm looking for contributors to help build and review. I hope the community finds this valuable!

https://github.com/thirdpass-org/thirdpass
https://thirdpass.dev/