The Changelog: Software Development, Open Source

Securing npm is table stakes (Interview)



As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub’s recent response to npm’s insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.


Sponsors:

  • Namespace – Speed up your development and testing workflows using your existing tools. (Much) faster GitHub Actions, Docker builds, and more, at an unbeatable price.
  • Tiger Data – Postgres for developers, devices, and agents. The data platform trusted by hundreds of thousands, from IoT to Web3 to AI and more.
  • Squarespace – A website makes it real! Use code CHANGELOG to save 10% on your first website purchase.

Featuring:

  • Nicholas C. Zakas – Website, GitHub, LinkedIn, Bluesky, Mastodon, X
  • Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
  • Jerod Santo – Website, GitHub, LinkedIn, Mastodon, X

Show Notes:

  • How GitHub could secure npm
  • JSR: the javascript registry
  • vlt /vōlt/


The Changelog: Software Development, Open Source, by Changelog Media


