Securing npm is table stakes

Securing npm is table stakes

From Changelog Interviews by Changelog Media

January 29, 2026 · 1h 21m

About this episode

Nicholas Zakas critiques GitHub's response to npm's security issues and offers alternative solutions.

As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub's recent response to npm's insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.

People in this episode

Guest: Nicholas Zakas

Topics covered

  • npm security
  • GitHub response
  • ESLint
  • internet infrastructure
  • software development

Keywords

  • npm
  • security
  • GitHub
  • ESLint
  • JSR
  • internet infrastructure
  • software

Mentioned in this episode

Organizations: GitHub, npm, ESLint, JSR

More episodes of Changelog Interviews

Explore listener stats, chart rankings, contacts and more on the Changelog Interviews podcast page.