
Most big tech companies maintain their own NPM registry that only includes approved packages. If you need a new package available in that registry you have to request it. A security team will then review that package and its deps and add it to the list of approved packages…

I would love to have something like that "in the open"…



A Debian version of NPM? I've seen a lot of hate on Reddit and other places about Debian because the team focuses on stability. When you look at the project, it's almost always based on Rust or Python.



