Hacker News

Time and time again I'll keep saying this: This problem is only solved with package repositories that require review by a maintainer to publish. Linux distributions solved this ages ago.


Change that to multiple maintainers. Best practices should mean that any single point of failure is mitigated. I'm shocked to say it, but the blockchain might actually be a useful model for trust here.


This raises an interesting business idea. How much would developers and companies be willing to pay for an npm alternative with human reviewers?


I think some other comments are expressing interest in exactly just that.



