Jared

Speaker
5113 total appearances

Podcast Appearances

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

It seems like your read on the GitHub changes to the way it works is more maintainer burden and perhaps too tightly scoped.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Is that fair to say?

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Or you want to give your impressions of some of the things they're doing to react to this?

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Because they're in the position as a platform to be the most...

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

influential reactor?

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Are they the ones that have to basically make some changes, right?

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Well, there's one big difference between the credit card companies and GitHub slash Microsoft.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Otherwise, I agree with you entirely with the methodology of like, you know, inference and fraud detection, like analysis, be more proactive than reactive, etc.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Is that the credit card companies get paid per transaction, you know, so like there's money directly tied to that process, right?

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

And what is npm to GitHub, to Microsoft? You know, it seemed like it was a fig leaf at a time when npm needed one, you know, to continue to exist, and so acquisition. But where is the revenue coming from? Like, what, what's it doing for GitHub? What's it doing for Microsoft? And so I understand

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

although we tend to get cynical over time, I understand why it's hard to actually allocate more resources because it's like, this is not their main thing.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

It's not even their like seventh main thing.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

It's just like a thing that they have

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

that's hanging off another thing that they bought.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Like they bought the GitHub and they got the NPM and they're like, well, you know, like I understand for the rest of us, it sucks.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

And what do they lose when we have these, they lose a little bit of goodwill, right?

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

A little brand tarnishment, but not much.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

They're not losing enough trust that they're not making money on transactions where it's like credit card companies, you got to trust that credit card company in order to actually use their card.

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

And for Microsoft, you know, if there's another NPM security breach,

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

I'm sure they don't like it.