Improving NPM Security with Sigstore

Having been involved with early RubyGems work on sigstore support, I am <i>unreasonably excited</i> to see this announcement. The RFC looks thorough and thoughtful and the impact of better signing in npm can&#x27;t be overstated.