npm Best Practices for the Supply-Chain - Open Source Security Foundation
We are excited to announce the v1 release of the “npm Best Practices,” a new guide focused on dependency management and supply chain security for npm. This release is the result of the OpenSSF Best Practice Working Group. It is a critical step to help JavaScript and TypeScript developers reduce risks as they choose open-source dependencies to use in their projects.