Open Letter: Let's stop supply chain attack
With this letter, I’m proposing some modifications to the publish process of all package managers, and of GitHub, because it’s the most trusted service provider in the open-source world.
Recently, one of the widely used npm packages was compromised and ma...
kdy1.dev · 6 min read