np
Check for scopes
Description
Check for scoped packages when publishing to a private registry, as mentioned in https://github.blog/2021-02-12-avoiding-npm-substitution-attacks.
When a non-scoped package is published to a private registry, np could throw a warning.
I think we can win security and can avoid malicious failures, as mentioned in the blog post.
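One way the check proposed in the description could look, as an added example that is not np's own code. The function names, the sample manifests and the `npm.example.internal` host are assumptions; `publishConfig.registry` and `publishConfig["@scope:registry"]` are the standard npm configuration keys.

```javascript
// Added example (hypothetical helpers, not part of np).
const PUBLIC_REGISTRY_HOST = 'registry.npmjs.org';

// Return the "@scope" part of "@scope/name", or null for an unscoped name.
function getScope(packageName) {
  const match = /^(@[^/]+)\/[^/]+$/.exec(packageName);
  return match ? match[1] : null;
}

// Registry the package would be published to: a scope-specific
// "@scope:registry" entry wins over the generic "registry" entry.
function resolvePublishRegistry(pkg) {
  const config = pkg.publishConfig || {};
  const scope = getScope(pkg.name);
  if (scope && config[`${scope}:registry`]) return config[`${scope}:registry`];
  return config.registry || `https://${PUBLIC_REGISTRY_HOST}/`;
}

function isPublicRegistry(registryUrl) {
  try {
    return new URL(registryUrl).hostname === PUBLIC_REGISTRY_HOST;
  } catch {
    return false; // unparsable URL: treat as non-public so the check still runs
  }
}

// Returns a warning string, or null when there is nothing to flag.
function checkScopeForPrivateRegistry(pkg) {
  const registry = resolvePublishRegistry(pkg);
  if (isPublicRegistry(registry)) return null; // public publish: out of scope here
  if (getScope(pkg.name)) return null;         // scoped name: nothing to warn about
  return `"${pkg.name}" is unscoped but publishes to ${registry}; ` +
    'consider a scoped name so it cannot be confused with a public package.';
}

// Constructed sample manifests.
const samples = [
  {name: 'internal-utils', publishConfig: {registry: 'https://npm.example.internal/'}},
  {name: '@acme/internal-utils', publishConfig: {registry: 'https://npm.example.internal/'}},
  {name: 'left-pad-clone'},
];
for (const pkg of samples) {
  console.log(pkg.name, '->', checkScopeForPrivateRegistry(pkg) ?? 'ok');
}
```

Only the first sample produces a warning; a registry configured solely in `.npmrc` is not visible to this check, which reads the manifest alone.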
Check what exactly? The issue description should be self-explanatory without needing to read the whole blog post.