Our plan for a more secure npm supply chain
github.blog
