Initial sync is large. Use --depth shallow to mirror only direct dependencies of projects you actually use. 12. Final Words The software supply chain will never be perfectly secure. But it can be detectably insecure — and RepKG makes that detection automatic, local, and actionable.
curl -sSL https://repkg.io/bootstrap.sh | bash repkg mirror npm react npm config set registry http://localhost:4873 npm install react repkg verify --report RepKG – because your dependencies shouldn’t be a liability. Initial sync is large
Yes. Run repkg mirror against upstream registries yourself. The receipts are generated locally. Initial sync is large
We are tired of fixing builds because a package vanished, or chasing CVEs that could have been caught at install time. RepKG is the tool we wished existed five years ago. Initial sync is large