New request for comments on improving npm security with Sigstore is now open

Source: The GitHub Blog

Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.