
Why NPM lockfiles can be a security blindspot for injecting malicious modules - lirantal
https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/
======
christopherbalz
Is this something that could/should be done by the package repositories such
as npmjs.com?

