Securing npm is table stakes (Interview)
As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub’s recent response to npm’s insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.
Changelog++ members save 6 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Namespace – Speed up your development and testing workflows using your existing tools. (Much) faster GitHub actions, Docker builds, and more. At an unbeatable price.
- Tiger Data – Postgres for Developers, devices, and agents The data platform trusted by hundreds of thousands from IoT to Web3 to AI and more.
- Squarespace – A website makes it real! Use code CHANGELOG to save 10% on your first website purchase.
Featuring:
- Nicholas C. Zakas – Website, GitHub, LinkedIn, Bluesky, Mastodon, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
- Jerod Santo – Website, GitHub, LinkedIn, Mastodon, X
Show Notes:
Something missing or broken? PRs welcome!
Fler avsnitt av The Changelog: Software Development, Open Source
Visa alla avsnitt av The Changelog: Software Development, Open SourceThe Changelog: Software Development, Open Source med Changelog Media finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.