Âõîä â Ëè÷íûé êàáèíåò
Åù¸ íå çàðåãèñòðèðîâàíû?
Ýòî áåñïëàòíî, áåç ñïàìà,
è çàéì¸ò âñåãî 1 ìèíóòó!
è çàéì¸ò âñåãî 1 ìèíóòó!
Initial sync is large. Use --depth shallow to mirror only direct dependencies of projects you actually use. 12. Final Words The software supply chain will never be perfectly secure. But it can be detectably insecure — and RepKG makes that detection automatic, local, and actionable.
curl -sSL https://repkg.io/bootstrap.sh | bash repkg mirror npm react npm config set registry http://localhost:4873 npm install react repkg verify --report RepKG – because your dependencies shouldn’t be a liability. Initial sync is large
Those are enterprise binary repositories. RepKG is focused on verifiability and offline reproducibility first , not RBAC or promotion workflows (though we may add those later). Final Words The software supply chain will never
Yes. Run repkg mirror against upstream registries yourself. The receipts are generated locally. Those are enterprise binary repositories
We are tired of fixing builds because a package vanished, or chasing CVEs that could have been caught at install time. RepKG is the tool we wished existed five years ago.
"name": "lodash", "version": "4.17.21", "algorithm": "sha256", "digest": "d8e...f3a", "source": "registry": "npm", "upstream_url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "fetched_at": "2025-02-10T12:34:56Z" , "signatures": [ "key": "repkg-mirror-01", "sig": "MEU..." , "key": "sigstore", "sig": "MEY..." ], "merkle_proof": "root=... path=...", "timestamp": "rfc3161-timestamp.der"