With this letter, I’m proposing some modifications to the publish process of all package managers, and GitHub, because it’s the most trusted service provider in the open-source world. Recently, one of the widely used npm packages was compromised and malicious code was distributed using it.