|
|
|
|
|
|
by no29
3080 days ago
|
|
|
independent site that maps packages to author certs that npm uses for verification at install time? also, this is a problem that every package mgmt system faces. they alert on changes on upgrade but there's a requirement at the end user level to verify that at install time, the cert being trusted is the right one. |
|
|