Computer Police is a local supply-chain firewall designed to prevent the installation of confirmed-malicious packages from npm and PyPI before they reach a user's system. It operates as a local registry proxy, intercepting install requests and blocking any package versions that are already listed as malware by public OSV advisories. This approach targets a specific security gap: existing tools often detect threats only after a package is installed, whereas Computer Police enforces protection at install time, reducing the risk of compromise from typosquats, hijacked maintainers, or dependency-confusion attacks.
The tool is intended for developers, CI/CD operators, and teams running agent sandboxes such as devcontainers, remote virtual machines, or GitHub Actions runners. It is particularly aimed at environments where AI coding agents or automated scripts frequently install packages without manual review. Computer Police is designed to be low-noise, focusing solely on blocking installs of packages with confirmed malware advisories, and does not perform vulnerability scanning, license checks, or heuristic analysis. Its blocking mechanism is strict: only installs that match a known OSV malware listing are denied, and all other installs pass through without interference.
Installation and setup are straightforward, requiring a single curl command with no need for root access, kernel extensions, or system proxies. Once enabled, package managers are pointed to a local proxy address, and the setup is reversible. Supported operating systems include macOS, Linux, and Windows. The tool works with a range of JavaScript and Python package managers, such as npm, yarn, pnpm, bun, pip, uv, poetry, pdm, and pipx, with plans to support additional ecosystems in the future.
Computer Police is open source, licensed under the MIT License, and developed by Vidoc Security. It runs entirely on the user's machine, with its only outbound network activity being the retrieval of public OSV malicious-package advisories. The tool collects no telemetry, analytics, or package information, prioritizing user privacy and local control.
In the Security & compliance platforms space, Computer Police takes a focused approach. It focuses on preventing installation of malicious packages from npm and PyPI in local and CI environments. Computer Police is an open-source project aimed at developers. The project is open source (MIT). It runs on the command line, macOS, Windows, and Linux.
Behind Computer Police is Vidoc Security, and the product first shipped in 2026. The project is developed in the open on GitHub with 90 commits in the last 90 days. Among its 5 catalogued features are malware blocking, registry proxy, and CI/CD integration.
Latest indexed changes and source events
Show HN: Computer Police – block malicious NPM/pip installs locally verified by the PulseGate indexer
Other apps tracked under the same category.