Chainguard Launches Repository To Secure Dependencies
Chainguard on Tuesday launched Chainguard Repository, a unified, secure-by-default repository for open-source artifacts to combat dependency sprawl driven by AI coding agents. The service is available today for JavaScript with over 70,000 Chainguard-built npm packages, SLSA Level 3 builds, and a seven-day malware cooldown, with Python, Java, containers, and additional policies planned later this year. The product enforces policies at consumption to reduce insecure versions and malware.
Key Points
- Announces Chainguard Repository, a unified secure repository serving 70,000 npm packages with SLSA Level 3 builds
- Highlights that agents' outdated training data causes them to default to older, insecure library versions, accelerating dependency sprawl and risk
- Enables security teams to enforce consumption-time policies, bypass cooldowns for critical CVEs, and reduce malware exposure
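The consumption-time policy model described above (a publish-age cooldown that a security team can exempt for a critical CVE fix, plus a deny list for known-vulnerable versions) can be illustrated with a small evaluator. The following is an added example written for this page, not Chainguard's code or API; the package names, versions, dates and the manifest/index shapes are constructed placeholders.

```python
"""Consumption-time dependency policy check: a hypothetical illustration of
the cooldown-plus-CVE-bypass model described above (not Chainguard's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Policy:
    # Newly published versions are held back for this long so that malware
    # pushed to a registry is usually detected and pulled before consumers take it.
    cooldown: timedelta = timedelta(days=7)
    # (name, version) pairs a security team has approved to skip the cooldown,
    # e.g. a release that fixes a critical CVE and must ship immediately.
    cooldown_exemptions: frozenset = frozenset()
    # (name, version) pairs known to be vulnerable; always denied regardless of age.
    denied_versions: frozenset = frozenset()


def evaluate(name, version, published_at, policy, now):
    """Return (decision, reason) for one requested package version."""
    key = (name, version)
    if key in policy.denied_versions:
        return "deny", "version is on the known-vulnerable deny list"
    age = now - published_at
    if age < policy.cooldown:
        if key in policy.cooldown_exemptions:
            return "allow", "inside cooldown but exempted as a critical CVE fix"
        return "deny", f"published {age.days} day(s) ago; cooldown is {policy.cooldown.days} days"
    return "allow", "outside cooldown window"


def check_manifest(deps, index, policy, now):
    """Evaluate every pinned dependency in a manifest (name -> version).

    `index` maps (name, version) to its publish time, as a registry would report.
    Versions missing from the index are denied: an unknown artifact is not trusted.
    """
    results = {}
    for name, version in deps.items():
        published_at = index.get((name, version))
        if published_at is None:
            results[name] = ("deny", "version not found in the trusted index")
            continue
        results[name] = evaluate(name, version, published_at, policy, now)
    return results


# --- constructed sample data (placeholder package names, not real packages) ---
NOW = datetime(2025, 6, 15, tzinfo=timezone.utc)
SAMPLE_INDEX = {
    ("example-a", "1.0.0"): datetime(2025, 4, 1, tzinfo=timezone.utc),   # mature release
    ("example-a", "1.0.1"): datetime(2025, 6, 13, tzinfo=timezone.utc),  # 2 days old
    ("example-b", "2.3.0"): datetime(2024, 11, 5, tzinfo=timezone.utc),  # old but vulnerable
    ("example-b", "2.3.1"): datetime(2025, 6, 14, tzinfo=timezone.utc),  # 1 day old, CVE fix
}
SAMPLE_POLICY = Policy(
    cooldown_exemptions=frozenset({("example-b", "2.3.1")}),
    denied_versions=frozenset({("example-b", "2.3.0")}),
)


def demo():
    """Run the check over a constructed manifest; returns name -> (decision, reason)."""
    manifest = {"example-a": "1.0.1", "example-b": "2.3.1", "example-c": "0.1.0"}
    return check_manifest(manifest, SAMPLE_INDEX, SAMPLE_POLICY, NOW)


if __name__ == "__main__":
    for name, (decision, reason) in demo().items():
        print(f"{decision:5} {name}: {reason}")
```

The deny-by-default handling of versions absent from the index is the important design choice: an agent that hallucinates or typo-squats a package name gets a refusal rather than a fallback to the public registry, and the exemption list keeps the cooldown from delaying a genuine critical fix.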
Scoring Rationale
High practical impact and strong coverage for supply-chain security, limited by vendor-specific solution and modest technical novelty.
Sources
Public references used for this report.
