There have been a lot of supply-chain attacks on projects by way of fake or tainted Node.js packages. The basis for these attacks is complete anonymity, without even a signature on the packages. We plan to use our experience in blockchain technologies to create a new infrastructure for Node.js where packages must be signed by developers and developer teams. Authorized signatures will be elected by the user and developer community.