Comment by ashishbijlani
6 hours ago
This is a great initiative. Thanks for sharing! I will use it to create my personal cache of package registries (beyond the obvious advantages of caching, it can also mitigate typo-squatting attacks).
BTW, if there's interest, I'd love to collaborate and integrate Packj [1] audit for malware scans.
1. Packj (https://github.com/ossillate-inc/packj) detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting).
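The comment above mentions that a private registry cache can mitigate typo-squatting by controlling which package names it serves. The following is an added illustration of the idea (it is not Packj's code nor anything the commenter posted): a minimal name check a cache could run before fetching a package, flagging names that are a small edit distance away from a package on an internal allowlist. The allowlist and the candidate names are constructed for this example.

```python
# Added illustration (not Packj's code, not the commenter's): a minimal
# typosquat check a private registry cache could run before accepting a
# package name. Allowlist and sample names are constructed for this example.

# Hypothetical allowlist of packages the organisation actually depends on.
ALLOWLIST = {"requests", "numpy", "flask", "urllib3", "cryptography"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(name: str, allowlist=ALLOWLIST, max_distance: int = 2):
    """Classify a requested package name.

    Returns ("allowed", name) if the name is on the allowlist,
    ("suspicious", closest) if it is within max_distance edits of an
    allowed name but not identical (a typosquat candidate the cache
    should refuse or hold for review), or ("unknown", None) otherwise.
    """
    # Normalise the way most registries do: case-insensitive, '_' == '-'.
    n = name.lower().replace("_", "-")
    if n in allowlist:
        return "allowed", n
    closest = min(allowlist, key=lambda p: levenshtein(n, p))
    if levenshtein(n, closest) <= max_distance:
        return "suspicious", closest
    return "unknown", None


if __name__ == "__main__":
    for candidate in ["requests", "reqeusts", "flassk", "numpi", "leftpad"]:
        print(candidate, "->", classify(candidate))
```

A real deployment would combine this with the registry's own normalisation rules and with metadata signals of the kind the comment attributes to Packj (publisher age, download counts, and so on); the edit-distance check alone is only the cheapest first filter.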