
About this episode
Nicholas Zakas critiques GitHub's response to npm's security issues and offers alternative solutions.
As the creator and long-time maintainer of ESLint, Nicholas Zakas is well-positioned to criticize GitHub's recent response to npm's insecurity. He found the response insufficient, and has other ideas on how GitHub could secure npm better. On this episode, Nicholas details these ideas, paints a bleak picture of npm alternatives like JSR, and shares our frustration that such a critical piece of internet infrastructure feels neglected.
People in this episode
Guest: Nicholas Zakas
Topics covered
- npm security
- GitHub response
- ESLint
- internet infrastructure
- software development
Keywords
- npm
- security
- GitHub
- ESLint
- JSR
- internet infrastructure
- software
Mentioned in this episode
Organizations: GitHub, npm, ESLint, JSR
More episodes of Changelog Interviews
- From open source hits to OpenAI · June 5, 2026 · 1h 46m
- MCP on Code Mode · May 15, 2026 · 1h 55m
- Exploring with agents · April 24, 2026 · 1h 37m
- From Tailnet to platform · March 11, 2026 · 1h 42m
- Opus 4.5 changed everything · February 27, 2026 · 1h 44m
- Selling SDKs in the era of many Claudes · February 19, 2026 · 1h 50m
Explore listener stats, chart rankings, contacts and more on the Changelog Interviews podcast page.