Securing npm is table stakes (Changelog Interviews #674)
Changelog Master Feed · Changelog Media
Audio is streamed directly from the publisher (op3.dev) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub’s recent response to npm’s insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.
Changelog++ members save 6 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Namespace – Speed up your development and testing workflows using your existing tools. (Much) faster GitHub actions, Docker builds, and more. At an unbeatable price.
- Tiger Data – Postgres for Developers, devices, and agents The data platform trusted by hundreds of thousands from IoT to Web3 to AI and more.
- Squarespace – A website makes it real! Use code CHANGELOG to save 10% on your first website purchase.
Featuring:
- Nicholas C. Zakas – Website, GitHub, LinkedIn, Bluesky, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
- Jerod Santo – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
Something missing or broken? PRs welcome!