We’re using an internal package repository that acts as a gateway to the public package repositories, except it can have custom rules such as “min release age 30 days”, and can also give logs about which projects have actually downloaded a specific version.
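One way to implement the "min release age" rule described above as an offline check, rather than inside a proxy: walk a lockfile and compare each resolved version's publish time against a cutoff. This is an added example, not the commenter's gateway or any package manager's code. It assumes an npm lockfileVersion 3 layout (`packages` keyed by `node_modules/...` paths) and the registry packument's `time` map (version to ISO publish timestamp); the lockfile fragment and packument data below are constructed, and a package with no known publish time is treated as a violation so the check fails closed.

```javascript
// Added example: enforce a minimum release age against a lockfile using
// registry publish timestamps. Sample data is constructed inline so it runs offline.

const MIN_RELEASE_AGE_DAYS = 30;
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Constructed lockfile fragment in npm lockfileVersion 3 shape.
const sampleLock = {
  packages: {
    "": { name: "svc", version: "1.0.0" }, // root project, not a dependency
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/fresh-lib": { version: "2.0.0" },
    "node_modules/fresh-lib/node_modules/nested": { version: "0.1.1" },
    "node_modules/unknown-pkg": { version: "9.9.9" }, // no packument available
  },
};

// Constructed packument `time` maps (the shape GET /<name> returns on an npm registry).
const samplePackuments = {
  "left-pad": { time: { created: "2014-03-28T00:00:00.000Z", "1.3.0": "2018-04-18T00:00:00.000Z" } },
  "fresh-lib": { time: { "2.0.0": "2024-06-28T12:00:00.000Z" } },
  nested: { time: { "0.1.1": "2024-05-01T00:00:00.000Z" } },
};

// Derive the package name from a lockfile path, including nested and scoped entries:
// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return lockPath.slice(idx + marker.length);
}

// Return every dependency whose resolved version is younger than minDays,
// or whose publish time cannot be determined (fail closed).
function findTooNew(lock, packuments, minDays, now = new Date()) {
  const cutoff = now.getTime() - minDays * MS_PER_DAY;
  const violations = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue; // skip the root project itself
    const name = packageName(path);
    const published = packuments[name]?.time?.[entry.version];
    if (!published) {
      violations.push({ name, version: entry.version, reason: "no publish time available" });
      continue;
    }
    const publishedMs = Date.parse(published);
    if (Number.isNaN(publishedMs) || publishedMs > cutoff) {
      const ageDays = Math.floor((now.getTime() - publishedMs) / MS_PER_DAY);
      violations.push({ name, version: entry.version, reason: `published ${ageDays} days ago` });
    }
  }
  return violations;
}

if (typeof require !== "undefined" && require.main === module) {
  // Fixed "now" so the constructed sample is deterministic.
  const now = new Date("2024-07-01T00:00:00Z");
  const found = findTooNew(sampleLock, samplePackuments, MIN_RELEASE_AGE_DAYS, now);
  for (const v of found) console.log(`${v.name}@${v.version}: ${v.reason}`);
  process.exitCode = found.length ? 1 : 0;
}
```

In a CI gate the packuments would come from the internal proxy rather than inline data, and the exit code above is what makes the install step fail when a too-new version sneaks into the lockfile.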
It’s so much overhead and auditing to enforce compliance across the thousands of node microservices though.
I’ve been doing pentesting with LLMs for a while and only hit a few “nope, I won’t do that” and one “this conversation is flagged for being against the TOS”. No idea what the guardrails are, but they are trivially abused.
I actively support “my boss” in running Claude Code. I offered to help them and joked that it’s so easy these days they might as well just call Claude Code themselves. I’ve shown I could plop in their documents of feedback and Claude fixed the issues.
I have worked with non-tech employees to set up Claude to help them do small tasks. I’ve helped to review and improve completely vibe-coded projects by such employees.
I’m not sure what my role will be, but I fully embrace that my traditional role of writing code is gone.
All major Node package managers should support it by now.
pnpm was the best IIRC, yarn second, but even npm is catching up.