Hacker News

tomaytotomato yesterday at 11:13 AM | 3 replies

Could npm adopt a reverse domain naming system similar to Java's for Maven libraries?

com.foo.bar

That would require domain verification, but it would add significant developer friction.

Also mandatory Dune reference:

"Bless the maker and his water"


Replies

chasd00 yesterday at 6:35 PM

Some MFA requirement to publish a new version of the package would be a good idea. In my experience, releasing a new version of software is a big enough deal that the product owner is on hand to authorize the release via a separate device no matter how automated the pipeline is.

KomoD yesterday at 11:17 AM

I don't see how this solves the problem?

ramon156 yesterday at 11:33 AM

I was thinking something similar to cargo-audit, because domain names don't really fix anything here