feross 5 days ago

Disclosure: I'm the founder of https://socket.dev. A week waiting period would not be enough. On average, npm malware lingers on the registry for 209 days before it's finally reported and removed. Source: https://arxiv.org/abs/2005.09535

ptrl600 4 days ago (parent)

OK, a week for popular packages; anything else I'd manually review each update. It'd be a nice feature.