Hello, and what we're building

Jun 28, 2026 · The Yellow Jack team

Draft / sample post — replace or rewrite before launch.

Every npm install, pip install, and docker pull reaches past your perimeter and runs third-party code on your developers’ machines and in your builds. Your network firewall never sees it. Scanners tell you what’s wrong after the fact — but nothing stops a bad package at the door.

Yellow Jack is the door. It’s a package firewall: a deterministic gate that inspects open-source packages at the moment they’re pulled and either allows them through or blocks them, based on a transparent policy.

Where we are

We’re early, and we’re building in the open. The first piece is an npm firewall/proxy: point your package manager at Yellow Jack, and every package — including transitive dependencies — passes through the same checkpoint.
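As an added illustration (not Yellow Jack's own code; the registry metadata, the policy rules and the function names are assumptions made for this post), here is the shape of a deterministic gate that walks an install's dependency tree and applies one transparent policy to every package, transitive ones included:

```python
# Added illustration of a deterministic package gate; metadata, policy and names are constructed
# assumptions for this post, not Yellow Jack's own code or policy.
from datetime import date

# Constructed registry metadata keyed by "name@version"; a real proxy would fetch the
# packument from the upstream registry at pull time.
REGISTRY = {
    "web-app@1.0.0": {"published": date(2025, 3, 1), "scripts": {},
                      "deps": {"left-pad": "1.3.0", "colors": "1.4.1"}},
    "left-pad@1.3.0": {"published": date(2018, 4, 12), "scripts": {}, "deps": {}},
    "colors@1.4.1": {"published": date(2026, 6, 27),
                     "scripts": {"postinstall": "node setup.js"}, "deps": {}},
}

# Transparent policy: each rule is a pure function of the package record, so the same
# input always yields the same verdict.
POLICY = {
    "deny_list": {"colors"},         # names never allowed through
    "min_age_days": 7,               # freshly published versions wait out a quarantine window
    "allow_install_scripts": False,  # lifecycle scripts run arbitrary code at install time
}

def check_package(name, record, policy, today):
    """Return the policy violations for one package (an empty list means allow)."""
    reasons = []
    if name in policy["deny_list"]:
        reasons.append("deny-listed")
    if (today - record["published"]).days < policy["min_age_days"]:
        reasons.append("published less than %d days ago" % policy["min_age_days"])
    if record["scripts"] and not policy["allow_install_scripts"]:
        reasons.append("install scripts: " + ", ".join(sorted(record["scripts"])))
    return reasons

def gate(root, registry, policy, today):
    """Walk the dependency tree from `root` so transitive dependencies face the same check."""
    verdicts, stack = {}, [root]
    while stack:
        key = stack.pop()
        if key in verdicts:
            continue
        record = registry[key]
        verdicts[key] = check_package(key.rpartition("@")[0], record, policy, today)
        stack.extend("%s@%s" % (d, v) for d, v in record["deps"].items())
    return verdicts

def decide(root, registry=REGISTRY, policy=POLICY, today=date(2026, 6, 28)):
    """Allow the pull only if every package in the tree passes; otherwise name the blockers."""
    blocked = {k: v for k, v in gate(root, registry, policy, today).items() if v}
    return not blocked, blocked
```

With the constructed data, `decide("web-app@1.0.0")` is blocked solely because of its transitive dependency `colors@1.4.1`, which is the case a perimeter firewall never sees.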

What’s next

  • Expand beyond npm to PyPI and Docker/OCI.
  • Write-ups here on real-world supply-chain attacks and what would have stopped them.
  • A clear, public view of our roadmap as it firms up.

If you’d like to follow along or get in touch, email hello@yellowjack.io.