JavaScript is the most widely used programming language in the world, so it is no surprise that its package registry, npm, is a prime target.

Amid an ongoing stream of sophisticated attacks on open source projects by groups linked to nation-state actors, npm is ramping up protections to stop legitimate packages from being published with malware inside them.

But how much can a package registry do to protect users (and maintainers), and how far do developers need to accept that it is time to make some changes themselves?

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.