# Securing npm is table stakes (Interview)

Page: https://stenobird.com/podcast/the-changelog-software-development-open-source/securing-npm-is-table-stakes-interview
Text version: https://stenobird.com/podcast/the-changelog-software-development-open-source/securing-npm-is-table-stakes-interview.md
Podcast: [The Changelog: Software Development, Open Source](https://stenobird.com/podcast/the-changelog-software-development-open-source)
Published: 2026-01-29T15:00:00+00:00
Episode link: https://changelog.com/podcast/674
Audio file: https://op3.dev/e/https://pscrb.fm/rss/p/https://cdn.changelog.com/uploads/podcast/674/the-changelog-674.mp3
Processing state: processed
JSON: https://stenobird.com/v1/public/podcasts/the-changelog-software-development-open-source/episodes/securing-npm-is-table-stakes-interview
Duration seconds: 4871

## Resource

As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub's recent response to npm's insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/the-changelog-software-development-open-source/episodes/securing-npm-is-table-stakes-interview/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/the-changelog-software-development-open-source/securing-npm-is-table-stakes-interview.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.