# Derek Sousa, Senior Platform Engineer at Palanteer (412 employees) — read of supply-chain-integrity-checker, June 14 2026

> 11 years in DevOps and platform engineering, two failed side projects in the drawer, currently using Snyk and Dependabot at work and quietly hunting for the third thing to try.

## How I got here

Someone in the "Indie Hackers Infrastructure" Discord dropped a link and said "these guys are doing something different with honesty scores." I clicked mostly to see what the honesty scores thing was about. I was not looking for a supply chain security tool -- I work with those every day. I was looking for a business idea that doesn't suck to build.

## What I clicked first

The headline is fine: "Detect compromised dependencies before they compromise you." It's punchy, not embarrassing. But the thing that stopped me was the scoring block. "64/100 Adoptability. $-22,600 Year-1 take-home (Fermi). 1 in 8 Meaningful-success odds." I've never seen a product page open with its own failure rate. That either means the people who built this are genuinely honest or they're using honesty as a positioning trick. I spent a minute trying to figure out which one.

## Where I paused

"Behavioral Anomaly Detection -- Flag packages that deviate from their history: unexpected binary bloat, new network calls at build time, sudden version jumps, or unusual commit activity. Baseline learned from first 10 versions; alerts on drift."

That's specific enough to tell me someone actually thought about this. The XZ Utils backdoor would have tripped most of those signals. The "first 10 versions" baseline approach is a real design decision, not vibes. That paragraph is the only place on the page where I felt like someone had actually sat down and worked through the problem at an engineering level rather than just listed nouns.
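For readers who want to see what "baseline learned from first 10 versions; alerts on drift" looks like in practice, here is an added worked example. It is not code from the page or from the product it reviews: the release-metadata schema (artifact size, network calls seen in a sandboxed build, commits in the prior 30 days), the z-score and version-jump thresholds, and the sample release history are all assumptions constructed for illustration. It implements the four signals the quoted paragraph names and nothing more.

```python
"""Baseline-and-drift detector for package release metadata.

Added example, not code from the page or from the product it reviews. The
input schema (version, size_bytes, build_net_calls, commits_30d) and the
thresholds are assumptions chosen for illustration; the release history
in SAMPLE_HISTORY is constructed, not taken from any real package.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

BASELINE_VERSIONS = 10  # the page's "first 10 versions" baseline window


@dataclass(frozen=True)
class Release:
    version: str          # semver string, e.g. "1.4.2"
    size_bytes: int       # size of the published artifact
    build_net_calls: int  # network calls observed during a sandboxed build
    commits_30d: int      # commits to the repo in the 30 days before release


def parse_semver(v: str) -> tuple[int, int, int]:
    major, minor, patch = (int(x) for x in v.split(".")[:3])
    return major, minor, patch


@dataclass(frozen=True)
class Baseline:
    size_mean: float
    size_std: float
    net_calls_max: int
    commits_mean: float
    commits_std: float


def learn_baseline(history: list[Release]) -> Baseline:
    """Learn normal behaviour from the first BASELINE_VERSIONS releases."""
    window = history[:BASELINE_VERSIONS]
    if len(window) < 2:
        raise ValueError("need at least two releases to learn a baseline")
    sizes = [r.size_bytes for r in window]
    commits = [r.commits_30d for r in window]
    return Baseline(
        size_mean=mean(sizes),
        size_std=pstdev(sizes),
        net_calls_max=max(r.build_net_calls for r in window),
        commits_mean=mean(commits),
        commits_std=pstdev(commits),
    )


def _zscore(value: float, mu: float, sigma: float) -> float:
    # A zero-variance baseline (identical values) would divide by zero;
    # treat any deviation from it as infinitely surprising.
    if sigma > 0:
        return (value - mu) / sigma
    return 0.0 if value == mu else float("inf")


def check_release(prev: Release, cur: Release, base: Baseline,
                  z_limit: float = 3.0) -> list[str]:
    """Return one alert per signal on which `cur` drifts from the baseline."""
    alerts = []
    if _zscore(cur.size_bytes, base.size_mean, base.size_std) > z_limit:
        alerts.append(f"{cur.version}: binary bloat "
                      f"({cur.size_bytes} B vs baseline mean {base.size_mean:.0f} B)")
    if cur.build_net_calls > base.net_calls_max:
        alerts.append(f"{cur.version}: new network calls at build time "
                      f"({cur.build_net_calls})")
    pmaj, pmin, _ = parse_semver(prev.version)
    cmaj, cmin, _ = parse_semver(cur.version)
    # One major or minor bump is ordinary; skipping more than one is a jump.
    if cmaj - pmaj > 1 or (cmaj == pmaj and cmin - pmin > 1):
        alerts.append(f"{cur.version}: sudden version jump from {prev.version}")
    if abs(_zscore(cur.commits_30d, base.commits_mean, base.commits_std)) > z_limit:
        alerts.append(f"{cur.version}: unusual commit activity "
                      f"({cur.commits_30d} commits in 30 days)")
    return alerts


def scan_history(history: list[Release]) -> list[str]:
    """Learn a baseline from the first releases, then alert on drift in the rest."""
    base = learn_baseline(history)
    alerts = []
    for prev, cur in zip(history[BASELINE_VERSIONS - 1:], history[BASELINE_VERSIONS:]):
        alerts.extend(check_release(prev, cur, base))
    return alerts


# Constructed sample: ten quiet releases, one normal follow-up, then two
# releases that drift on the signals the page lists.
SAMPLE_HISTORY = [
    Release("1.0.0", 100000, 0, 20), Release("1.0.1", 101000, 0, 22),
    Release("1.0.2", 99500, 0, 18),  Release("1.0.3", 100500, 0, 21),
    Release("1.0.4", 100200, 0, 19), Release("1.0.5", 99800, 0, 20),
    Release("1.0.6", 100700, 0, 23), Release("1.0.7", 100300, 0, 17),
    Release("1.0.8", 99900, 0, 21),  Release("1.0.9", 100100, 0, 19),
    Release("1.0.10", 101000, 0, 21),   # ordinary release: no alerts
    Release("1.0.11", 400000, 2, 22),   # 4x bloat and build-time network calls
    Release("3.0.0", 100400, 0, 95),    # skipped a major version, commit spike
]


def demo() -> list[str]:
    return scan_history(SAMPLE_HISTORY)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running it prints four alerts: bloat and build-time network calls on 1.0.11, and the version jump and commit spike on 3.0.0, while 1.0.10 passes. The deliberate design choice is that the baseline is frozen after the first ten releases rather than updated on every new one; a rolling baseline would let a slowly escalating package teach the detector that its own drift is normal.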

## What I distrusted

The feature list reads like a legitimate spec -- manifest scanning, lineage mapping, CI/CD one-liner, post-incident audit trail -- but then you scroll down and hit: "Honest disclosure: we don't have live customers on this idea yet. We shipped the strategy package; you ship the customer conversations."

So what I'm actually being sold is a PDF and maybe some boilerplate code for $99-199 to go compete against Snyk, Socket.dev, GitHub Advanced Security, and Dependabot -- in a market where the free tier of the competition is already better than what most teams use. The "financial upside: 1/10" score buried in the axes list is doing a lot of work. It's honest, but it also answers the question I was about to ask.

The features described -- especially behavioral anomaly detection and cryptographic signature verification -- would take 6-18 months to build at a level anyone would pay for. "Speed to MVP: 3/10" admits this implicitly. Those two facts together make me nervous about what the $99 "working code starter" actually contains.

## What would convince me

Show me the code starter. Not a screenshot. Not a list of what's in it. Let me see the actual repo structure and how far along the behavioral detection piece is. The difference between "we gave you a skeleton" and "we gave you something that actually runs against a real package.json" is the entire value proposition at that price point.

Alternatively: one person who actually adopted one of these Wishdeal Studio ideas and got to their first paying customer. Not a testimonial blurb. A Substack post or Twitter thread showing the real timeline. The Fermi math says 1 in 8. I want to know if that one is a real person or a theoretical.

## What I'd ask in an email reply

1. The behavioral anomaly detection baseline -- does the working code starter actually implement that, or is it stubbed out and in scope for me to build from scratch?
2. Socket.dev already does a version of this and they raised serious money. What does the dossier say about differentiation, and is it "focus on a vertical" or something more specific?
3. Has anyone who bought the $99 package on any idea in this catalog gone on to charge a customer? What happened?

## Verdict: on-the-fence

The Fermi math transparency is the most interesting thing on the page, and the feature spec shows someone who knows the problem domain. But the market is genuinely crowded with better-funded tools and the numbers they're publishing about their own product are not encouraging. I haven't closed the tab yet, which is more than I can say for most things I click on a Tuesday morning.

---
*Memo by skeptic persona, generated 2026-06-14. Studio breaks own self-grading loop.*
