Jared
Welcome, friends.
I'm Jared, and you are listening to The Changelog, where each week we interview the hackers, the leaders, and the innovators of the software world.
As the creator and longtime maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub's recent response to NPM's insecurity.
He found their response insufficient and has other ideas on how GitHub could secure NPM better.
On this episode, Nicholas details his ideas, paints a bleak picture of NPM alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.
But first, a big thank you to our partners at Fly.io, the platform for devs who just want to ship. Build fast, run any code fearlessly at Fly.io.
Okay, Nicholas Zakas, talking NPM on The Changelog.
Let's do it.
Like all of us.
JS Party, maybe, right, JS Party?
You know, we were talking about it yesterday, and I know him online.
I feel like I've met him before, but I didn't actually go back in our catalog and look you up.
So I would only assume it was either an old, old episode of The Changelog or a not quite as old episode of JS Party, but for sure you've been on the network.
I wasn't on the podcast.
Oh, okay.
Then welcome to the podcast.
Yeah, welcome to the both of us and the three of us.
So GitHub did respond to this, or they have done some changes.
I don't know if it was in response or the timing was correct that it seemed like it was in response.
We had Feross Aboukhadijeh on the show last year talking about just the onslaught and some of the details of those hacks, and it was fun to hear about how the hackers are doing their hacking.