[DanielHB]

> NPM the company isn't curating NPM the registry

They do in fact curate the registry, mainly for reporting vulnerabilities to consumers and to remove malicious packages.

[diggan]

I'd probably call those things "maintenance" or "moderation" rather than "curation". Curation would imply they care about the quality, but in reality they just try to limit the damage of malicious packages.