by dessant 1582 days ago
Is there a good reason for making NPM profile emails public? I have a unique email address on NPM, and it receives a considerable amount of phishing emails that target NPM and Mailgun.
3 comments

Maybe as a way to help users contact authors without the registry having to sit in the middle of it, which would take effort. Should be an opt-in tho, you’d think.
Maybe having the email allows other people to make contact if there is any vulnerability etc.? Not all projects are on GitHub and there should be some way to contact the author, right?
The user interface does not show your account email, it is only exposed by the registry API. NPM has a button on every package listing to report malware and security issues in the package.
Much about the registry exists due to legacy and its rather informal beginnings.