by option_greek 1626 days ago
There should be a reputation score for new releases on npm with scores from beta users who are part of the community. Sounds similar to app store but more community controlled.

In general, there should be a risk assessment score on npm for each package sourced automatically from different criteria like how many maintainers there are in a project, ownership changes etc.

Also, making the new package available only to a few % of random users would have limited the impact.

Overall this pull with complete trust is just asking for trouble.

And yeah, this developer needs to be committed to a facility for his own good (if this doesn't qualify him for that then I don't know what will).

1 comments

That's literally gatekeeping. It took me so long to get enough karma on HN to be able to leave a comment. This would just shift the system to be gamed by bots / upvote4upvote, and keep existing hegemony in the community on who gets the power and say in projects. Do not want.