Product Thumbnail

Refuse

Block vulnerable package installs for you and your AI

SaaS
Developer Tools
Security

Hunted byGokulGokul

Product upvotes vs the next 3

Waiting for data. Loading

Product comments vs the next 3

Waiting for data. Loading

Product upvote speed vs the next 3

Waiting for data. Loading

Product upvotes and comments

Waiting for data. Loading

Product vs the next 3

Loading

Refuse

Block vulnerable package installs for you and your AI

Refuse sits in front of npm, pip, cargo, gem, go + 13 more package managers and refuses known-vulnerable installs before they hit disk — the moment you (or your coding agent) run them. Also, Open-source, self-hostable, one Docker container.

Top comment

Hey Product Hunt 👋 I'm the maker. Most vulnerability scanners tell you a package is bad after it's already on your disk. I wanted something that refuses it at the moment of install — before the install ever runs. So I built Refuse. A single binary puts itself in front of npm, pip, cargo and ~13 more package managers. You run npm install exactly like always — it checks the package against the live CVE databases first, then either installs it or blocks with the fix: npm install [email protected] → refuse: blocked — CVE-2019-10744 (critical); safe: 4.17.21 The reason it exists: AI coding agents. Claude Code and Cursor run installs from inside a tool call and pin versions from their training data — old versions that have since picked up CVEs. Refuse installs as an agent hook so those installs go through the same gate, with no human-override flag for the agent. It's open-source (Apache-2.0) and self-hostable — one Docker container, your own CVE backend, no telemetry. Or use the hosted tier if you'd rather not run it. 🔗 https://refuse.dev · https://github.com/RefuseHQ/refu... Would love your feedback — easiest test is to run it against a lockfile from a project you already have and see what it catches. Happy to answer anything in the comments today.

About Refuse on Product Hunt

Block vulnerable package installs for you and your AI

Refuse launched on Product Hunt on June 18th, 2026 and earned 77 upvotes and 2 comments, placing #26 on the daily leaderboard. Refuse sits in front of npm, pip, cargo, gem, go + 13 more package managers and refuses known-vulnerable installs before they hit disk — the moment you (or your coding agent) run them. Also, Open-source, self-hostable, one Docker container.

On the analytics side, Refuse competes within SaaS, Developer Tools and Security — topics that collectively have 561.2k followers on Product Hunt. The dashboard above tracks how Refuse performed against the three products that launched closest to it on the same day.

Who hunted Refuse?

Refuse was hunted by Gokul. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.

For a complete overview of Refuse including community comment highlights and product details, visit the product overview.