Hacker News new | comments | show | ask | jobs | submit login

publishing is separate to the source code. If someone stole the publishers credentials, then they could publish [1]. Only NPM servers would be able to know something special (not the credentials) about who did the publish, e.g IP.

[1] https://docs.npmjs.com/getting-started/publishing-npm-packag...






Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: