Improving NPM Security with Sigstore
github.blog
Having been involved with early RubyGems work on sigstore support, I am unreasonably excited to see this announcement. The RFC looks thorough and thoughtful and the impact of better signing in npm can't be overstated.
Yeah, besides finally having some progress regarding signing, I think it's great they went with an option that is open and already is gaining traction.