· Field NotesJuly 11, 2026

A Safety Net for Every Package You Install

A free, one-click tool that checks every code package for threats before it reaches your computer — built for the era of AI that installs things on its own.

securityopen-sourceself-hostingworkflowvia github · @Thinkst

The thing that happened

Earlier this spring, someone pushed 637 malicious versions of developer tools across 314 packages — all within 22 minutes. Developers who ran a perfectly normal install command that morning had their machines silently infected before lunch.

This kind of attack is called a supply chain attack. It doesn't break into your systems directly. It hides inside something you trust and install yourself.

What Thinkst built

Thinkst — the same team behind those clever honeypot traps used by security professionals — just released a free tool called Package Proxy. The idea is elegant: instead of your computer downloading packages directly from the internet, it routes them through a small checkpoint first. That checkpoint inspects each one for known threats, and only lets the clean ones through.

No extra software to install on your machine. You point your tools at a new address, and the filter runs quietly in the background.

It lives on Cloudflare's free infrastructure, so there's no server to maintain and no monthly bill.

Why this matters for you

If your team uses AI coding assistants — the kind that write and run code on your behalf — those tools install packages constantly, often without asking. They're fast, which is the point. But fast also means they can pull in something dangerous before anyone notices.

This proxy sits between your tools and the internet and says not yet until it's had a look.

Quick glossary

Supply chain attack — Instead of hacking you directly, attackers hide malicious code inside a tool or library you'd normally trust and download yourself.

Package — A bundle of pre-written code that developers install to add features quickly, the way a chef might buy pre-made pastry dough rather than making it from scratch.

Proxy — A middleman that sits between you and the internet, inspecting or filtering traffic before it arrives.

Cloudflare Workers — A free platform that runs small programs at the edge of the internet, close to wherever you are, without needing your own server.

Worth thinking about

Ask whoever manages your tech: do we have anything checking packages before they're installed? If the answer is uncertain, this tool is a quiet, free place to start.

Check it out →

Written by David at AC0.AI. Follow on @ac0hero

Field Notes in your inbox

The AI tools and moves I actually use to win more business. A couple a week, nothing I haven't run myself.