The Changelog

Securing npm is table stakes (Interview)

Jan 29, 2026 · 1h 21m

As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub's recent response to npm's insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.

Ин қисм ҳанӯз навишта нашудааст

Барои навиштани ин қисм бо AI STT.ai- ро истифода баред. Матни дақиқро бо муайянкунии сухангӯ, аломатҳои вақт ва содирот ба форматҳои гуногун гиред.

Интихоби Табақа

Муайянкунии баландгӯяк Вақти калима Содирот ҳамчун SRT, TXT, JSON

Бештар қисмҳо

Securing npm is table stakes (Interview)

Ин қисм ҳанӯз навишта нашудааст

Бештар қисмҳо

Astral has been acquired by OpenAI (News)

From Tailnet to platform (Interview)

Big change brings big change (News)

Finale & Friends (Friends)

Opus 4.5 changed everything (Interview)

The mythical agent-month (News)

Selling SDKs in the era of many Claudes (Interview)

All the Claw things (News)

Han shot first (Friends)

Building the machine that builds the machine (Interview)