Secure, cross-language CLI tool for safely installing packages
exekis/sip
sip

sip (Safe Install Proxy) is a secure, cross-language CLI tool for safely installing packages from curated, verified registries. It wraps native package managers like pip, cargo, and go to prevent supply chain attacks.

Installation

git clone git@github.com:exekis/sip.git # or replace with https
cd sip
cargo build
cargo install --path .

Quickstart

sip install requests --lang python

Goals

  • Have a community-maintained repo of trusted packages and libraries, each with a safety score
  • The trusted packages repo contains verified packages (verified users can vote for safe packages, which increases the trust score)
  • sip stops and warns the user before installing any unverified package
  • Prevent typosquatting
  • Support Python, Rust, Go, and more
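
A sketch of the install gate these goals describe, added here as an illustration and not taken from sip's code base: a requested name is checked against a trusted registry, and an unlisted name within two edits of a trusted one is flagged as a possible typosquat. The Verdict type, the check function, the score threshold, the distance cutoff and the sample registry are all assumptions.

```rust
// Added illustration, not sip's code; registry, threshold and cutoff are assumed.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Verified,                  // listed with a trust score at or above the threshold
    LowTrust(u32),             // listed, but the score is below the threshold
    PossibleTyposquat(String), // unlisted and within two edits of a trusted name
    Unverified,                // unlisted and not close to anything trusted
}

// Two-row Levenshtein distance over Unicode scalar values.
fn edit_distance(a: &str, b: &str) -> usize {
    let b: Vec<char> = b.chars().collect();
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    for (i, ca) in a.chars().enumerate() {
        let mut cur = vec![i + 1];
        for (j, cb) in b.iter().enumerate() {
            let sub = prev[j] + usize::from(ca != *cb);
            cur.push(sub.min(prev[j + 1] + 1).min(cur[j] + 1));
        }
        prev = cur;
    }
    prev[b.len()]
}

// Assumed normalization (simplified from PyPI's): lowercase, '_' and '.' become '-'.
fn normalize(name: &str) -> String {
    name.to_lowercase().replace(['_', '.'], "-")
}

pub fn check(name: &str, registry: &[(&str, u32)], min_score: u32) -> Verdict {
    let wanted = normalize(name);
    if let Some((_, score)) = registry.iter().find(|(n, _)| normalize(n) == wanted) {
        return if *score >= min_score { Verdict::Verified } else { Verdict::LowTrust(*score) };
    }
    registry.iter()
        .map(|(n, _)| (edit_distance(&wanted, &normalize(n)), *n))
        .filter(|(d, _)| *d <= 2) // assumed cutoff: at most two edits
        .min_by_key(|(d, _)| *d)
        .map(|(_, n)| Verdict::PossibleTyposquat(n.to_string()))
        .unwrap_or(Verdict::Unverified)
}

// Constructed sample registry: (package name, trust score).
pub const SAMPLE: &[(&str, u32)] = &[("requests", 97), ("numpy", 95), ("left-pad-py", 3)];
fn main() {
    for name in ["requests", "reqeusts", "left_pad_py", "flask"] {
        println!("{name}: {:?}", check(name, SAMPLE, 50));
    }
}
```

A fixed edit-distance cutoff misfires on very short names, so a real gate would scale the cutoff with name length.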

Status

MVP bootstrap in progress.
