u/Abu_Itai

Hey guys, I know this might sound silly, but why does my team actually need a private registry? How does it help us? can't we live without it? from your experience, what pain does it solves ?

AI agents are pulling deps, doing it so fast so no one can really review. I feel like artifacts/packages are becoming the real risk.
Not just npm or pip anymore. Models, generated assets, random tools the agent decides to use.

How are you handling this in practice?
Real guardrails? Scanning beyond packages?
Or still mostly “we’ll deal with it if something breaks”?

what this looks like in real teams right now?