GitHub are in such a good position to improve npm package security drastically. Imagine package releases that are verified against git commits. Impossible to sneak code in.
tbh Microsoft is the #1 company I trust for developer tooling. pic.twitter.com/N4qYBLSUzN
I get what you are saying on improving security,
on that, but the scale of the company is by no means a guarantee that they do things right. Facebook itself has messed up pretty bad and it's full of fricking awesome talented people

That being said, if you were being sarcastic or not, all good anyway.
At least we can have our 2FA up now
there are some issues in trusting multi-billion companies
yes, but mostly this. i don't trust a cli team of 2 people (now 1 ?!)
I think this is going too fast too furious in the wrong direction. The cli team in @npmjs deserve nothing more than respect and trust given all the value they have delivered. Mixing that with all the shitty situation npm Inc get itself into is not helpful
I think about something like the flatmap-stream/event-stream attack and I just think to myself... How could npm not have already been doing that?
I absolutely feel the same. Those multi-billion companies are basically error free and we can rely on them without any worries, right? https://github.blog/2018-10-30-oct21-post-incident-analysis/ … https://www.vox.com/2017/3/2/14792636/amazon-aws-internet-outage-cause-human-error-incorrect-command … https://bitbucket.status.atlassian.com/