Tierney Cyren

depending on how https://github.com/npm/rfcs/pull/564 goes, it might be worth simply waiting for that to be implemented and the subsequent [command mapping](https://github.com/npm/rfcs/blob/e63094a66d3b690561c129599861f221ffb7305c/accepted/0000-dependency-selector-syntax.md#command-mapping-to-query-output) feature, so as not to waste time on implementing...

> Given that licensee already exists, I’m not sure what the value is of waiting? I explored doing it with licensee in a pairing session with @izs and the conclusion...

Would this RFC be a reasonable one to also include enhancements to the lifecycle flags, or should that be a separate concern?

as far as I can tell it doesn't. Here's a gist: https://gist.github.com/bnb/109d0429dd33824415e0671679ff46fb

@darcyclarke any shot we can get this included in the next meeting?

sick, tysm @nlf

In general, I do like this. The one caveat I do have is that I've often seen users want _author_ signing, as opposed to registry signing. My instinct here is...

> @bnb do you have any objections to the above plan if we also make it more obvious what type of signatures are being verified in the command output? If...

this is absolutely outside of the scope of this RFC, but wanted to share because I thought it might be nifty: I've also been a fan of third-party hooks into...

> Interesting! I had thought about supporting third-party npm registries, e.g. GitHub Packages, Artifactory, Verdaccio etc but this seems slightly different. Do you mean the dependency can define a hook/script...