New request for comments on improving NPM security with Sigstore is now open | Dark Hacker News