Changelog Interviews

Securing npm is table stakes

Listen Later

As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub’s recent response to npm’s insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.

Join the discussion

Changelog++ members save 6 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

  • Namespace – Speed up your development and testing workflows using your existing tools. (Much) faster GitHub actions, Docker builds, and more. At an unbeatable price.
  • Tiger Data – Postgres for Developers, devices, and agents The data platform trusted by hundreds of thousands from IoT to Web3 to AI and more.
  • Squarespace – A website makes it real! Use code CHANGELOG to save 10% on your first website purchase.

    • Featuring:

    • Nicholas C. Zakas – Website, GitHub, LinkedIn, Bluesky, Mastodon, X
    • Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
    • Jerod Santo – Website, GitHub, LinkedIn, Mastodon, X

    Show Notes:

    • How GitHub could secure npm
    • JSR: the javascript registry
    • vlt /vōlt/

      • Something missing or broken? PRs welcome!

      ...more
      View all episodesView all episodes
      Download on the App Store
      Changelog InterviewsBy Changelog Media
      • 5
      • 5
      • 5
      • 5
      • 5

      5

      5 ratings

      More shows like Changelog Interviews

      View all
      The Changelog: Software Development, Open Source by Changelog Media

      The Changelog: Software Development, Open Source

      288 Listeners

      Making Sense with Sam Harris by Sam Harris

      Making Sense with Sam Harris

      26,380 Listeners

      Software Engineering Daily by Software Engineering Daily

      Software Engineering Daily

      626 Listeners

      Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

      Syntax - Tasty Web Development Treats

      985 Listeners

      REWORK by 37signals

      REWORK

      212 Listeners

      The Diary Of A CEO with Steven Bartlett by DOAC

      The Diary Of A CEO with Steven Bartlett

      8,876 Listeners

      Practical AI by Practical AI LLC

      Practical AI

      212 Listeners

      Sicherheitshalber by Der Podcast zur sicherheitspolitischen Lage in Deutschland, Europa und der Welt.

      Sicherheitshalber

      48 Listeners

      All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

      All-In with Chamath, Jason, Sacks & Friedberg

      10,254 Listeners

      Dwarkesh Podcast by Dwarkesh Patel

      Dwarkesh Podcast

      551 Listeners

      Huberman Lab by Scicomm Media

      Huberman Lab

      29,272 Listeners

      Plain English with Derek Thompson by The Ringer

      Plain English with Derek Thompson

      2,282 Listeners

      Oxide and Friends by Oxide Computer Company

      Oxide and Friends

      67 Listeners

      Changelog News by Changelog Media

      Changelog News

      14 Listeners

      Rust in Production by Matthias Endler

      Rust in Production

      25 Listeners