
Refuse

Open source security service for package installers

RefuseHQ

Gate every npm install, pip install, and cargo add — including the ones your AI agent runs — against the world's CVE feeds before they reach your disk.


$ npm install lodash@4.17.10
refuse: blocked — CVE-2019-10744 (high)
        Prototype pollution in lodash <= 4.17.11
        suggested safe version: 4.17.21

What we ship

  • refuse-cli (Alpha): PATH shim that wraps npm, pnpm, yarn, pip, cargo, gem, bun and go and refuses to install packages with known CVEs. Also usable as a Claude Code PreToolUse hook.
  • refuse (Alpha): Self-hostable HTTP server (Hono + SQLite) that ingests OSV, CISA KEV, FIRST EPSS, GHSA, deps.dev and Wolfi and answers /api/v1/check/*. Ships as the container image ghcr.io/refusehq/refuse.
  • homebrew-tap: Homebrew tap (brew install refusehq/tap/refuse); tracks every refuse-cli release.

The CLI talks to the server. Both are Apache-2.0. A hosted variant lives at refuse.dev for teams that don't want to run their own backend.


Install in 30 seconds

macOS

brew install refusehq/tap/refuse

Linux

curl -sSL https://raw.githubusercontent.com/RefuseHQ/refuse-cli/main/scripts/install.sh | sh

Windows (PowerShell)

irm https://raw.githubusercontent.com/RefuseHQ/refuse-cli/main/scripts/install.ps1 | iex

From source (any platform with Go ≥ 1.21)

go install github.com/RefuseHQ/refuse-cli/cmd/refuse@latest

Then:

refuse init           # point at a server, paste an API key
refuse install        # drop shims into ~/.refuse/bin
npm install express   # routed through the gate transparently

Where this matters

  • On a laptop. Every npm install, including the ones your IDE's agent runs without asking, gets vetted first.
  • In CI. Add refuse check-lockfile to a workflow step — a bad transitive dep fails the build instead of shipping to prod.
  • In a Dockerfile. Layer install steps go through the same gate; container builds stop at the vulnerable line.

The server is the slow, careful part — pulling vulnerability feeds, computing severity, suggesting safe versions. The CLI is the fast, dumb part — parse argv, ask, allow or block.
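The "parse argv, ask, allow or block" loop of a PATH shim, written out as an added Go example. This is not refuse-cli's code: the advisory table is constructed sample data standing in for the server's answer (the page does not show the /api/v1/check/* request or response format, so the in-process lookup is an assumption), the version comparison is a plain dotted-numeric compare rather than full semver, and unpinned specs such as `npm install lodash` are let through because the real server would have to resolve them first. One caveat worth keeping in mind: a shim only intercepts invocations that resolve npm through PATH, so a script or agent that calls the binary by absolute path bypasses it, which is one reason to also run the lockfile check in CI.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strconv"
	"strings"
)

// advisory stands in for a refuse server answer (constructed sample data; the page
// does not show the /api/v1/check/* response shape). Versions below fixedIn are affected.
type advisory struct{ cve, severity, fixedIn string }
var sampleFeed = map[string]advisory{
	"lodash": {cve: "CVE-2019-10744", severity: "high", fixedIn: "4.17.12"},
}

// versionLess reports whether a < b for dotted numeric versions (4.17.10 < 4.17.12).
func versionLess(a, b string) bool {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) && i < len(bs); i++ {
		x, _ := strconv.Atoi(as[i])
		y, _ := strconv.Atoi(bs[i])
		if x != y {
			return x < y
		}
	}
	return len(as) < len(bs)
}

// installSpecs pulls package specs out of an npm-style argv such as
// ["install", "lodash@4.17.10", "--save-dev"]; other subcommands yield nil.
func installSpecs(args []string) []string {
	if len(args) == 0 || (args[0] != "install" && args[0] != "i" && args[0] != "add") {
		return nil
	}
	var specs []string
	for _, a := range args[1:] {
		if !strings.HasPrefix(a, "-") {
			specs = append(specs, a)
		}
	}
	return specs
}

// check is the "ask" step: one feed lookup per spec, returning the refusal reason
// or "" to allow. An unpinned spec passes here; the real server resolves it first.
func check(spec string) string {
	name, version := spec, ""
	if i := strings.LastIndex(spec, "@"); i > 0 { // i > 0 keeps "@scope/pkg" intact
		name, version = spec[:i], spec[i+1:]
	}
	adv, known := sampleFeed[name]
	if !known || version == "" || !versionLess(version, adv.fixedIn) {
		return ""
	}
	return fmt.Sprintf("%s@%s: %s (%s), fixed in %s", name, version, adv.cve, adv.severity, adv.fixedIn)
}

// gate returns one refusal line per blocked spec; an empty result means allow.
func gate(args []string) []string {
	var blocked []string
	for _, s := range installSpecs(args) {
		if r := check(s); r != "" {
			blocked = append(blocked, r)
		}
	}
	return blocked
}

// realBinary finds the next npm on PATH outside the shim directory, so the
// shim hands off to the real tool instead of re-invoking itself.
func realBinary(name, shimDir string) (string, error) {
	for _, dir := range filepath.SplitList(os.Getenv("PATH")) {
		p := filepath.Join(dir, name)
		if _, err := os.Stat(p); dir != shimDir && err == nil {
			return p, nil
		}
	}
	return "", fmt.Errorf("%s not found on PATH outside %s", name, shimDir)
}

// main: refuse with a reason on stderr, or exec the real npm with the same argv.
func main() {
	reasons := gate(os.Args[1:])
	for _, r := range reasons {
		fmt.Fprintln(os.Stderr, "refuse: blocked", r)
	}
	shimDir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
	bin, err := realBinary("npm", shimDir)
	if len(reasons) > 0 || err != nil {
		os.Exit(1)
	}
	cmd := exec.Command(bin, os.Args[1:]...)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	if cmd.Run() != nil {
		os.Exit(1)
	}
}
```

Built as a binary named `npm` and placed in a directory that sits first on PATH, this refuses `npm install lodash@4.17.10` with a non-zero exit and passes `npm install lodash@4.17.21` through to the real npm unchanged; everything that is not an install subcommand is handed off without a lookup.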


Self-hosting

The whole server is one container, zero external services, embedded SQLite:

docker run --rm -p 8080:8080 ghcr.io/refusehq/refuse:latest
refuse config set server_url http://localhost:8080

See refuse/docs/self-hosting.md for the production walkthrough (persistent volume, API-key lockdown, GHSA token).


Contributing

PRs welcome — particularly for new package managers, new agent hooks, and new ingestion sources. Each repo has its own CONTRIBUTING.md. Bugs and feature ideas go in the relevant repo's issues; security reports go through GitHub private vulnerability reporting (see each repo's SECURITY.md).


Built by @gok03. License: Apache-2.0.

Repositories

  • refuse-cli (Go): Wraps npm, pip, cargo, yarn, pnpm, gem, bun, and go as a PATH shim — refuses to install packages with known CVEs.
  • refuse (TypeScript): Self-hostable, open-source server for vetting packages before AI coding agents install them.
  • homebrew-tap (Ruby): Homebrew tap for refuse-cli — auto-populated on each release of github.com/RefuseHQ/refuse-cli
  • .github: Org profile for RefuseHQ — see profile/README.md
