Hacker News: packattesthttps://news.ycombinator.com/user?id=packattestHacker News RSShttps://hnrss.org/hnrss v2.1.1Mon, 06 Apr 2026 02:07:14 +0000<![CDATA[New comment by packattest in "Preventing accidental NPM leaks by reviewing the final artifact"]]>One thing I’m curious about:

We’ve focused a lot on provenance (where artifacts come from), but less on verifying what actually gets published.

Feels like both are needed — provenance + explicit artifact review.

Curious if others have seen similar issues in other ecosystems (pip, cargo, etc).

]]>Sun, 05 Apr 2026 14:34:15 +0000https://news.ycombinator.com/item?id=47649885packattesthttps://news.ycombinator.com/item?id=47649885https://news.ycombinator.com/item?id=47649885<![CDATA[Preventing accidental NPM leaks by reviewing the final artifact]]>Article URL: https://github.com/divohna/PackAttest

Comments URL: https://news.ycombinator.com/item?id=47649478

Points: 1

# Comments: 1

]]>Sun, 05 Apr 2026 13:53:55 +0000https://github.com/divohna/PackAttestpackattesthttps://news.ycombinator.com/item?id=47649478https://news.ycombinator.com/item?id=47649478