RT npm
Today we opened an RFC with a proposal of how npm can collaborate with @projectsigstore to link packages to their source and build, a significant improvement to the supply chain security of the JavaScript ecosystem.
https://github.blog/2022-08-08-new-request-for-comments-on-improving-npm-security-with-sigstore-is-now-open/

https://twitter.com/npmjs/status/1556706813944504320