The LLMs that power your favorite AI coding assistants like GitHub Copilot or Continue take a lot of time and money to train, so they're not working with up-to-date knowledge. In fact, their knowledge cutoff dates are often 12-18 months in the past.
That means they don't know anything about the latest threats in the open source package ecosystem, like malicious packages. They also don't know which projects have been deprecated or archived since they were trained.
CodeGate augments your LLM's knowledge with an up-to-date database of risky packages in five popular ecosystems (PyPI, npm, golang.org, crates.io, and Maven), powered by Stacklok Insight. CodeGate is a new open source project from Stacklok that runs locally to protect your privacy and security while you use AI coding tools.
In this video, see how CodeGate automatically protects you from malicious or deprecated dependencies without changing how you work with your AI coding assistant.
Learn more about CodeGate on the website, check out the docs to get started, and join us on Discord!
Author: Dan Barr