
34 points tamnd | 1 comment

What are you working on? Any new ideas that you're thinking about?
1. acheong08 ◴[] No.45794224[source]
A startup! Which is quite surprising to myself as a very risk averse person. I'm currently in my final year of university and have been given permission to commercialize my dissertation/coursework.

The idea is quite simple: improve supply chain security by having a validated mirror of NPM, PyPI, Cargo, etc.

There's a lot of static and runtime behavioral analysis that can be done as a baseline but it will always be possible to bypass since it's a cat and mouse game. I'm therefore also looking into how tooling and maybe LLMs would be able to assist humans in reviews and allow better scaling.

Currently on the more academic stage of the project (research, talking to professors and connections in industry, etc.) to hopefully start off with a good design to iterate off of.

My reference for the project stems from what I saw at Huawei during my internship, as they had quite a bureaucratic system to review dependencies and an internal "secure" mirror. The goal is to hopefully generalize it such that supply chain security is accessible to small/medium companies or even individuals.
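A minimal model of the "validated mirror" idea from the comment above, as an added example that is not part of the original post or of acheong08's project. It assumes a hypothetical review process that emits an allowlist of (ecosystem, name, version) -> sha256 for artifacts that passed review; the mirror serves an artifact only if it is on that allowlist and its bytes match, and a client-side check reports lockfile pins that disagree with the reviewed digests (which is what a lockfile resolved directly against upstream, bypassing the mirror, looks like). All artifacts, digests and the lockfile text are constructed for the demo.

```python
"""Review-gated package mirror: a minimal model.

Added example; not code from the thread or from acheong08's project.
The allowlist format, sample artifacts and lockfile are all hypothetical.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Artifact:
    ecosystem: str   # "npm", "pypi", "cargo", ...
    name: str
    version: str
    data: bytes      # stand-in for the wheel / tarball / crate bytes

    def sha256(self) -> str:
        return hashlib.sha256(self.data).hexdigest()


# Constructed sample artifacts.
GOOD = Artifact("npm", "left-pad", "1.3.0",
                b"module.exports = (s, n) => s.padStart(n);\n")
# Same name and version as GOOD, different bytes: a registry-side swap.
SWAPPED = Artifact("npm", "left-pad", "1.3.0",
                   b"require('child_process').exec('curl http://x');\n")
# A version nobody has reviewed yet.
NEW_VERSION = Artifact("npm", "left-pad", "1.3.1", GOOD.data)
EXAMPLEPKG = Artifact("pypi", "examplepkg", "1.0.0",
                      b"def pad(s, n):\n    return s.rjust(n)\n")

# Output of the (hypothetical) review process: reviewed artifact -> digest.
# The mirror serves nothing that is not in here.
APPROVED: Dict[Tuple[str, str, str], str] = {
    ("npm", "left-pad", "1.3.0"): GOOD.sha256(),
    ("pypi", "examplepkg", "1.0.0"): EXAMPLEPKG.sha256(),
}


class MirrorDenied(Exception):
    pass


def serve(artifact: Artifact) -> bytes:
    """Mirror-side gate: only reviewed, byte-identical artifacts leave the mirror."""
    key = (artifact.ecosystem, artifact.name, artifact.version)
    expected = APPROVED.get(key)
    if expected is None:
        raise MirrorDenied(f"{key}: not reviewed")
    actual = artifact.sha256()
    if actual != expected:
        raise MirrorDenied(f"{key}: digest {actual[:12]} != approved {expected[:12]}")
    return artifact.data


# One pip "--require-hashes" style pin per line: "name==ver --hash=sha256:<hex>".
# Backslash continuations and multiple hashes per pin are out of scope here.
_PIN = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<ver>\S+)\s+--hash=sha256:(?P<hex>[0-9a-f]{64})$"
)


def lockfile_drift(ecosystem: str, lockfile: str) -> List[str]:
    """Client-side check: every pin must match the mirror's approved digest.

    Returns one message per problem; an empty list means the lockfile agrees
    with what review approved.
    """
    problems: List[str] = []
    for raw in lockfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _PIN.match(line)
        if not m:
            problems.append(f"unpinned or unhashed line: {line}")
            continue
        approved = APPROVED.get((ecosystem, m["name"], m["ver"]))
        if approved is None:
            problems.append(f"{m['name']}=={m['ver']}: not reviewed")
        elif approved != m["hex"]:
            problems.append(f"{m['name']}=={m['ver']}: hash differs from reviewed build")
    return problems


if __name__ == "__main__":
    for art in (GOOD, SWAPPED, NEW_VERSION):
        try:
            serve(art)
            print("served", art.name, art.version)
        except MirrorDenied as e:
            print("denied", e)
    lock = (f"examplepkg==1.0.0 --hash=sha256:{EXAMPLEPKG.sha256()}\n"
            f"examplepkg==1.0.1 --hash=sha256:{'0' * 64}\n"
            "otherpkg\n")
    for p in lockfile_drift("pypi", lock):
        print("drift:", p)
```

The two checks are deliberately separate: the mirror gate protects everyone who resolves through the mirror, while the lockfile check catches builds whose pins were generated against upstream and would silently miss the review step even though the mirror is configured.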