Hacker News
by jlgaddis 3169 days ago
With a good password policy and mandatory 2FA and (GPG) signing, npm would actually be pretty damn trustworthy.
That's too much "friction", though, so I expect it to remain in this sorry state it has been in.