We are tired of fixing builds because a package vanished, or chasing CVEs that could have been caught at install time. RepKG is the tool we wished existed five years ago.

curl -sSL https://repkg.io/bootstrap.sh | bash repkg mirror npm react npm config set registry http://localhost:4873 npm install react repkg verify --report RepKG – because your dependencies shouldn’t be a liability.

"name": "lodash", "version": "4.17.21", "algorithm": "sha256", "digest": "d8e...f3a", "source": "registry": "npm", "upstream_url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "fetched_at": "2025-02-10T12:34:56Z" , "signatures": [ "key": "repkg-mirror-01", "sig": "MEU..." , "key": "sigstore", "sig": "MEY..." ], "merkle_proof": "root=... path=...", "timestamp": "rfc3161-timestamp.der"

Yes. Run repkg mirror against upstream registries yourself. The receipts are generated locally.

Enjoying the Site?

support_me_on_kofi_dark
Contact Us

We Value Your Feedback

Share your thoughts ⟶

© Me Vertuoso All Rights Reserved 2025

For the Best Experience, Switch to Desktop Mode!

Download Interface

Ensure you’re getting the most out of our content by activating the desktop mode in your mobile browser. Enjoy smoother navigation and a complete view!