| ▲ | ____tom____ 2 days ago | |
Time to revisit, clearly. | ||
| ▲ | tmpfs 2 days ago | parent [-] | |
Agreed, more than time to revisit. I have stopped using npm entirely because of their cavalier attitude to security. Code signing could and should have been implemented years ago. It's not a panacea but just part of defense in depth. I can't trust npm whatsoever to do the right thing at this point. | ||