Chainguard Launches Repository To Secure Dependencies

Chainguard on Tuesday launched Chainguard Repository, a unified, secure-by-default repository for open-source artifacts to combat dependency sprawl driven by AI coding agents. The service is available today for JavaScript with over 70,000 Chainguard-built npm packages, SLSA Level 3 builds, and a seven-day malware cooldown, with Python, Java, containers, and additional policies planned later this year. The product enforces policies at consumption to reduce insecure versions and malware.