Episode

Securing npm is table stakes (Interview)

Podcast

The Changelog: Software Development, Open Source

Published

Jan 29, 2026

Duration seconds

4871

Processing state

processed

Canonical source

https://changelog.com/podcast/674

Audio

https://op3.dev/e/https://pscrb.fm/rss/p/https://cdn.changelog.com/uploads/podcast/674/the-changelog-674.mp3

JSON

/v1/public/podcasts/the-changelog-software-development-open-source/episodes/securing-npm-is-table-stakes-interview

Markdown

/podcast/the-changelog-software-development-open-source/securing-npm-is-table-stakes-interview.md

Actions

• POST https://stenobird.com/v1/public/podcasts/the-changelog-software-development-open-source/episodes/securing-npm-is-table-stakes-interview/transcription-requests
  Idempotently request low-priority transcript generation for this episode.
• GET https://stenobird.com/podcast/the-changelog-software-development-open-source/securing-npm-is-table-stakes-interview.md
  Read the agent-friendly Markdown representation of this episode resource.

Summary

As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub's recent response to npm's insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.