by kbenson
2904 days ago
Not necessarily. Have NPM store the public key, and require a lot of red tape and time to update it (versioning with delays). Require multiple keys to sign or vouch for a package before publishing is complete (log of reverse dependencies +1 maybe). There are lots of options.