asylteltine
921 days ago
When will npm finally take security seriously? How many incidents do they need? Don’t allow non-hardware MFA and add verified namespaces already!
2 comments
lainga
921 days ago
Never. It is this way for cosmogonical reasons; it fulfils a purpose. I see Isaac Schlueter as the modern Genghis: "If you had not committed great sins, God would not have sent a punishment like me upon you."
mikeryan
921 days ago
It’s not NPM’s job to secure your repo. They provide the tools to protect it. It’s your job as a maintainer to not shoot yourself in the foot.