
Could npm adopt a reverse domain naming system similar to Java's for Maven libraries?

com.foo.bar

That would require domain verification, but it would add significant developer friction.

Also mandatory Dune reference:

"Bless the maker and his water"



I don't see how this solves the problem?


Some MFA requirement to publish a new version of the package would be a good idea. In my experience, releasing a new version of software is a big enough deal that the product owner is on hand to authorize the release via a separate device, no matter how automated the pipeline is.


I was thinking something similar to cargo-audit, because domain names don't really fix anything here



