Lily Hay Newman / Wired:
GitHub partners with code-signing service Sigstore to add support for signing npm software packages, helping improve the security of open source projects — The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.