[email protected] I highly doubt it would be possible to effectively moderate npm or the like the way it's done in Linux distros, simply because of its enormous size.
Probably the best way to at least try to mitigate this is to have a "quarantine" for a set period of time, but this would likely only work for corporate environments.
npm also has [this](https://docs.npmjs.com/generating-provenance-statements); idk if there's anything similar on other languages' registries.