Preventing accidental NPM leaks by reviewing the final artifact (github.com), submitted 8 hours ago, 2 comments
packattest, 7 hours ago:
One thing I’m curious about:
We’ve focused a lot on provenance (where artifacts come from), but less on verifying what actually gets published.
Feels like both are needed — provenance + explicit artifact review.
Curious if others have seen similar issues in other ecosystems (pip, cargo, etc.).
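One concrete form of the "explicit artifact review" the comment asks for, as an added example that is not from this thread or the linked project: a gate that parses the JSON printed by `npm pack --dry-run --json` and refuses to publish if any file in the would-be tarball looks like a secret or config leak. The JSON shape (`files[].path`), the deny lists and the sample package listing are assumptions constructed here.

```python
import fnmatch
import json
import sys

# Basename globs and directory names that should never ship in a tarball (illustrative).
DENY_BASENAMES = [".env", ".env.*", ".npmrc", "*.pem", "*.key", "*.p12",
                  "id_rsa", "id_ed25519"]
DENY_DIRS = {".git", "secrets", ".aws", ".ssh"}

# Constructed sample of `npm pack --dry-run --json` output (assumed shape:
# one object per package with a `files` array of {path, size, mode}).
SAMPLE_NPM_PACK_JSON = json.dumps([{
    "name": "example-pkg", "version": "1.2.3",
    "files": [
        {"path": "package.json", "size": 410, "mode": 420},
        {"path": "dist/index.js", "size": 12034, "mode": 420},
        {"path": ".env.production", "size": 88, "mode": 384},
        {"path": "scripts/deploy.key", "size": 1675, "mode": 384},
    ],
}])

def flag_file(path):
    """Return why `path` must not be published, or None if it looks fine."""
    parts = path.split("/")
    for glob in DENY_BASENAMES:          # secret-looking file names
        if fnmatch.fnmatch(parts[-1], glob):
            return f"basename matches {glob}"
    for directory in parts[:-1]:          # anything under a denied directory
        if directory in DENY_DIRS:
            return f"inside denied directory {directory}/"
    return None

def review_pack_output(pack_json_text):
    """Parse `npm pack --json` output; return [(path, reason)] for flagged files."""
    findings = []
    for pkg in json.loads(pack_json_text):
        for entry in pkg.get("files", []):
            reason = flag_file(entry["path"])
            if reason:
                findings.append((entry["path"], reason))
    return findings

if __name__ == "__main__":
    # Usage: npm pack --dry-run --json | python3 review_pack.py  (non-zero exit blocks publish)
    findings = review_pack_output(sys.stdin.read())
    for path, reason in findings:
        print(f"REFUSE: {path} ({reason})")
    sys.exit(1 if findings else 0)
```

Wiring this into a `prepublishOnly` script makes the check run on the exact file list npm is about to upload, which is the review step provenance alone does not give you.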