The open-source package execution gate

Stop running blind npx commands

NPX is becoming a shared executable layer for humans and coding agents. Today the prompt is basically yes or no. safe-npx is a proposed open-source guardrail: resolve the exact bytes, show package evidence, surface risk, then decide before remote code runs.

agent@repo:~/workspace (pre-exec)
$ safe-npx create-example@latest
Package: [email protected]
Integrity: sha512-...
Published: 3 hours ago
Dependencies: 87 resolved nodes
Lifecycle scripts: postinstall
Policy: ask before execution

Recommendation: elevated risk
Continue? [y/N]

I. The problem

The npx prompt asks for trust before it gives you evidence.

Theo's core complaint is simple: when npx is about to run remote code, it shows a package name and version, not the facts you need. Publisher recency, release age, package size, lifecycle scripts, obfuscation, typo-squat risk, and audit status should be visible before execution.

Risk 01

The prompt is too thin

npx collapses install and execute, then asks yes or no with almost no context. That is the exact moment a pre-execution evidence gate belongs.

Risk 02

Humans and agents need structured risk

Developers need a readable summary. Coding agents need JSON policy output: allow, ask, or deny, with reasons they can surface to the user.

Risk 03

Package identity is fragile

Names get squatted, releases get compromised, maintainers make mistakes, and versions can be hard to unwind. The audit unit must include registry, package, version, tarball, integrity, and every dependency node.

II. The prototype

A narrow v0.1, not a grand registry rewrite.

The first version should be a local Rust CLI that delegates resolution to npm, inspects the package before execution, and makes the current NPX prompt useful for both humans and agents.

  • Resolve exact root package version before execution
  • Generate a dependency graph without running lifecycle scripts
  • Verify integrity for every dependency node where available
  • Show publisher, release age, package size, bins, scripts, and suspicious metadata
  • Flag typo-squatting, recently changed packages, and obfuscated or bundled code
  • Emit readable output for humans and JSON policy output for agents
  • Delegate to npm only after policy or the user allows it
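The list above is the decision step of the gate. As an added example, not safe-npx code (the tool is only proposed on this page), here is a small Rust policy evaluator that turns the evidence fields named above into an allow/ask/deny decision with reasons and emits it as JSON for an agent; the 72-hour release-age threshold, the JSON field names and the sample values are assumptions.

```rust
// Added example, not safe-npx code: an allow/ask/deny policy evaluator over the
// per-package evidence listed above. The 72-hour release-age threshold is an assumption.
#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Ask, Deny }

pub struct Evidence<'a> {
    pub name: &'a str,
    pub version: &'a str,
    pub integrity: Option<&'a str>,       // "sha512-..." for the root tarball, if known
    pub published_hours_ago: u64,
    pub lifecycle_scripts: &'a [&'a str], // e.g. ["postinstall"]
    pub resolved_nodes: usize,
    pub unverified_nodes: usize,          // dependency nodes with no integrity value
}

pub fn evaluate(e: &Evidence) -> (Decision, Vec<String>) {
    let mut reasons: Vec<String> = Vec::new();
    // Without an integrity value the root package cannot be pinned to exact bytes: deny.
    let deny = e.integrity.is_none();
    if deny { reasons.push("root package has no integrity value".into()); }
    if e.unverified_nodes > 0 {
        reasons.push(format!("{} of {} dependency nodes lack integrity", e.unverified_nodes, e.resolved_nodes));
    }
    // Assumed threshold: a release younger than 72 hours counts as elevated risk.
    if e.published_hours_ago < 72 { reasons.push(format!("published {} hours ago", e.published_hours_ago)); }
    // Lifecycle scripts run arbitrary code at install time, before the bin itself runs.
    if !e.lifecycle_scripts.is_empty() {
        reasons.push(format!("lifecycle scripts: {}", e.lifecycle_scripts.join(", ")));
    }
    let decision = if deny { Decision::Deny } else if reasons.is_empty() { Decision::Allow } else { Decision::Ask };
    (decision, reasons)
}

// Agent-facing JSON policy output, hand-built so the example needs no crates.
pub fn to_json(name: &str, version: &str, d: &Decision, reasons: &[String]) -> String {
    let esc = |s: &str| s.replace('\\', "\\\\").replace('"', "\\\"");
    let policy = match d { Decision::Allow => "allow", Decision::Ask => "ask", Decision::Deny => "deny" };
    let rs: Vec<String> = reasons.iter().map(|r| format!("\"{}\"", esc(r.as_str()))).collect();
    format!("{{\"package\":\"{}@{}\",\"policy\":\"{}\",\"reasons\":[{}]}}", esc(name), esc(version), policy, rs.join(","))
}

fn main() {
    // Constructed evidence mirroring the terminal sample above; the version and hash are made up.
    let e = Evidence { name: "create-example", version: "1.2.3", integrity: Some("sha512-PLACEHOLDER"),
        published_hours_ago: 3, lifecycle_scripts: &["postinstall"], resolved_nodes: 87, unverified_nodes: 0 };
    let (d, reasons) = evaluate(&e);
    println!("{}", to_json(e.name, e.version, &d, &reasons)); // policy "ask" with two reasons
}
```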

III. Register interest

I need this

Register if you want early access, want to review the threat model, or have package-manager, agent, or security workflows this should support.