Refuse
Block vulnerable package installs for you and your AI
72 followers
Block vulnerable package installs for you and your AI
72 followers
Refuse sits in front of npm, pip, cargo, gem, go + 13 more package managers and refuses known-vulnerable installs before they hit disk β the moment you (or your coding agent) run them. Also, Open-source, self-hostable, one Docker container.





Refuse
@gok03Β The "agents pin old versions from training data" point is the part everyone's missing. watched Claude Code confidently install something ancient more than once. catching it at install instead of after it's on disk is the whole game. following.
Nice launch. The no agent override bit is the right instinct.
Iβd want a small receipt when something is blocked or a human overrides it: package, version, CVE/source, who approved, and what changed next. Are overrides repo policy, or an explicit approval event?