Comment by ____tom____ 2 months ago Time to revisit, clearly. 1 comment ____tom____ Reply tmpfs 2 months ago Agreed, more than time to revisit. I have stopped using npm entirely because of their cavalier attitude to security.Code signing could and should have been implemented years ago. It's not a panacea but just part of defense in depth.I can't trust npm whatsoever to do the right thing at this point.
tmpfs 2 months ago Agreed, more than time to revisit. I have stopped using npm entirely because of their cavalier attitude to security.Code signing could and should have been implemented years ago. It's not a panacea but just part of defense in depth.I can't trust npm whatsoever to do the right thing at this point.
Agreed, more than time to revisit. I have stopped using npm entirely because of their cavalier attitude to security.
Code signing could and should have been implemented years ago. It's not a panacea but just part of defense in depth.
I can't trust npm whatsoever to do the right thing at this point.