12th March 2019

Laurie Voss, a Co-founder and Chief Data Office of NPM(A package manager for JavaScript, and a huge database of public and private JavaScript packages), had an interesting story to tell on Twitter:

My first reaction was something akin to "How the hell do you do this by mistake?". Surely publishing a package to NPM has just enough friction that you don’t publish private IP to a public repository.

You have to also keep in mind thatNPM have supported private repositories since 2014, and also offer a full enterprise solution already, NPM Enterprise.