Sources

So this has become a common and widely used approach for context engineering. This falls under common and hard problems. Common and easier problems are prompt engineering and alignment. There has been work done on creating evaluation flywheel architectures. Dependencies and conflicts is a foundational challenge, installing frameworks and software. Thinking of operational challenges, top challenge is ***Tool-Use Coordination Policies (23%),** * which is related to configuring when and how agents invoke tools, including disabling or sequencing parallel use to avoid conflicts, … So, based on the study analysing 3,191 Stack Overflow posts (from 2021–2025), developers encounter a diverse set of issues when building, deploying and maintaining AI Agents. The research identified **seven major challenge areas…** 1. Operations (Runtime & Integration) 2. Document Embeddings & Vector Stores 3. Robustness, Reliability & Evaluation 4. Orchestration 5. Installation & Dependency Conflicts 6. RAG Engineering 7. Prompt & Output Engineering These reflect **real-world pain ** like integration hurdles, framework instability and evaluation gaps. > The **most prevalent challenges ** highlight where developers spend the most time asking questions. **Installation & Dependency Conflicts** tops the list at **21%** — a frequent but often resolvable issue tied to rapid ecosystem churn. … I can imagine orchestration is tricky…AI Agents aren’t linear scripts — they’re ***dynamic graph** * s often with*** parallel tool calls ** * and multi-agent interactions (in an Agentic Workflow). Lastly, the study also notes that developers face significant challenges in ***RAG engineering for AI agents.** *

Yet despite their promise, developing AI agents comes with a set of recurring challenges that organizations must carefully address to achieve real-world success. These challenges span multiple dimensions. On the technical side, issues such as access to high-quality training data, ensuring model accuracy, and integrating with existing IT systems often stall deployment. On the operational side, concerns around security, privacy, and compliance with regulations like HIPAA, GDPR, and the EU AI Act make adoption more complex. From a human perspective, there are also challenges in building trust with users, designing natural and useful interactions, and ensuring agents can work alongside human employees instead of creating friction. Finally, maintaining these agents over time—updating their knowledge bases, retraining models to prevent performance drift, and keeping costs under control—remains a continuous burden. … - ## Data Quality and Labeling Issues One of the most significant barriers in AI agent development is ensuring that the data used for training and fine-tuning is both high in quality and properly labeled. Poor-quality data introduces noise that can lead to incorrect outputs, hallucinations, or biased decision-making. For example, in healthcare, a mislabeled dataset of patient symptoms could cause a diagnostic AI agent to recommend an inappropriate treatment plan. In finance, errors in transaction labeling may prevent fraud detection agents from distinguishing between normal and suspicious behavior. The process of labeling itself is often expensive and labor-intensive. Manual annotation requires domain expertise—medical records must be labeled by healthcare professionals, financial transactions by compliance officers, and legal texts by lawyers. Relying on non-expert annotation introduces inaccuracies that cascade into the performance of the AI agent. This problem is compounded by class imbalance, where certain categories of data (such as rare diseases in healthcare or unusual fraud patterns in banking) are underrepresented, leading to skewed predictions. … - ## Data Privacy, Security, and Compliance Privacy and compliance concerns are among the most pressing issues in AI agent development, particularly in regulated industries like healthcare and finance. Sensitive datasets often contain personally identifiable information (PII), financial records, or medical histories that must be handled with strict adherence to laws such as GDPR in Europe, HIPAA in the United States, and the upcoming EU AI Act. Mishandling this data can result in significant fines, reputational damage, and even legal liability. … Common challenges include securing data during collection and transmission, anonymizing or pseudonymizing records without losing analytical value, and ensuring data governance frameworks are robust. Additionally, global organizations face the difficulty of navigating overlapping or conflicting regulatory environments. A dataset legally usable in one country may not be transferable across borders due to data sovereignty laws. … - ## Limited Access to Domain-Specific Datasets Even when organizations have the infrastructure to process and secure data, another challenge emerges: limited access to high-quality, domain-specific datasets. General-purpose AI models may perform well on broad knowledge tasks but often struggle in specialized fields such as oncology, maritime logistics, or high-frequency trading. Training AI agents for these use cases requires access to niche, proprietary datasets that are often scarce, fragmented, or held by a few industry incumbents. … This scarcity leads to performance bottlenecks, as AI agents trained on generic datasets often fail to generalize to complex domain-specific scenarios. For instance, a customer support agent trained only on open-source conversation datasets may not understand the nuanced queries of a healthcare insurance policyholder. Without domain-specific exposure, such agents risk producing irrelevant or even harmful outputs. … ## Model Development Challenges in AI Agent Development Building AI agents is not only about data; it is equally about selecting the right model, training it effectively, and ensuring it performs reliably in real-world environments. While the capabilities of large language models (LLMs) and other machine learning architectures have advanced rapidly, applying them to mission-critical AI agents remains difficult. Developers must grapple with issues around architecture selection, high training costs, the trade-off between generalization and specialization, and the challenge of making models interpretable. … The challenge lies in orchestrating these systems effectively. Too much reliance on generalized models increases the risk of hallucinations and irrelevant outputs, while over-specialization limits scalability and makes maintenance cumbersome. Developers must design flexible architectures that allow seamless switching between general and specialized capabilities depending on context. This balancing act is essential to creating AI agents that are both useful and reliable across diverse applications. … - ## Real-Time Responsiveness and Latency Issues AI agents are expected to operate in real time, responding instantly to user queries, sensor inputs, or external triggers. However, achieving low latency is difficult when dealing with large models, distributed systems, and resource-constrained networks. Even minor delays can degrade the user experience, erode trust, and limit adoption. … The challenge lies in striking the right balance between utility and privacy. Overly generic agents frustrate users with irrelevant recommendations, while overly intrusive agents risk alienating them by appearing invasive. Transparency in how data is collected and used is critical. Users should be informed of what information is stored, how it will be applied, and given the option to control or delete their data.

**TL; DR** • AI agents struggle with memory retention, making multi-step and long-term tasks inefficient. • Many AI agents generate false or misleading information, reducing their reliability. • Decision-making in AI lacks complexity, making it difficult for agents to handle multi-step reasoning. • Poor integration with CRMs, ERPs, and other enterprise tools limits AI adoption in businesses. • High AI development costs slow down widespread adoption, especially for small and mid-sized businesses. • Limited contextual understanding makes AI agents less effective in understanding long-form content. • Many AI agents require constant human supervision, preventing full automation. … For businesses and developers — especially those working with an **AI Agent development company** — these insights offer valuable perspective on what’s holding AI agents back and where innovation is most needed. Developers, researchers, and professionals chimed in with firsthand experiences about where today’s AI agents fall short. From memory issues to integration headaches, the thread surfaced key **AI agent limitations** that resonate across the industry. … AI agents frequently generate **false information** (hallucinations), making them unreliable for critical business decisions. “I honestly think it's hallucination, compounded hallucination. If you have a 95% accuracy AI making multi-step decisions, accuracy can drop to ~60% after 10 steps.” AI agents struggle with **multi-step reasoning** and adapting to new situations. They often fail in complex decision-making tasks that require strategic thinking. “There are a lot of issues, including lack of complex reasoning, lack of metacognitive abilities, and grounding metadata.” AI agents often **struggle to integrate with existing enterprise systems**, making deployment challenging. Businesses frequently deal with outdated processes that prevent AI adoption. “I’d say companies themselves are the limitation... 4/5 businesses have janky things in their workflow that make AI adoption difficult.”

As expected, **hallucinations** and other inaccuracies were the big one: after all, it doesn't matter how cheap, fast, or convenient a model is if you can't trust its output. Another common issue was **context limitations**, which becomes especially relevant when you try to apply these models to large existing codebases, as opposed to using them to prototype new ideas.

We examined developers’ understanding of security risks, the practices and tools they use, the barriers to stronger security measures, and their suggestions for improving the npm ecosystem’s security. Method: We conducted an online survey with 75 npm package developers and undertook a mixed-methods approach to analyzing their responses. Results: While developers prioritize security, they perceive their packages as only moderately secure, with concerns about supply chain attacks, dependency vulnerabilities, and malicious code. Only 40% are satisfied with the current npm security tools due to issues such as alert fatigue. Automated methods such as two-factor authentication and npm audit are favored over code reviews. Many drop dependencies due to abandonment or vulnerabilities, and typically respond to vulnerabilities in their packages by quickly releasing patches. Key barriers include time constraints and high false-positive rates. … The findings revealed that supply chain attacks ranked as the main concern, followed closely by dependency vulnerabilities and malicious code injection, which are ranked second and third, respectively. In addition, the two top-ranked threats received very similar scores, indicating a high level of concern among developers. Next, respondents were presented with an optional free-text response question (#12) to specify other areas they perceive as significant security threats to npm packages. ... The themes identified are: … - • Security Tool Issues. The primary concern is alert fatigue caused by “too much noise” in security notifications, where the volume of alerts can make it difficult to identify and prioritize genuine security threats. - • Ecosystem Fragmentation. Ensuring support for multiple package managers (e.g., npm, pnpm, yarn) and JavaScript runtimes (e.g., Node, Deno, Bun) can make package maintenance challenging, which can distract developers from security concerns. … - • Tool Noise and Alert Fatigue. Respondents complained that security scanners generate too many false positives or contextually irrelevant warnings, as one respondent noted, “The security scanning system in npm is a complete joke and more of a nuisance than anything. 99% of the “vulnerabilities” are idiotic and not worthy of a real CVE.” These excessive or low-value alerts may be counterproductive, as they divert developers from conducting meaningful work. As another remarked, “way to noising and causing lots of work for maintainers.” … Summary for RQ1. Developers viewed security as important and essential, yet most rate their own packages only “Somewhat Secure.” The primary security concerns include supply chain attacks, dependency vulnerabilities, and malicious code injection. Only 40% of developers are satisfied with the current security tools for npm packages. Common issues include alert fatigue, feature gaps, and a lack of awareness about available tools. … As shown in Table 7, respondents most frequently cited time constraints as a key barrier (49 responses; 26.2%). Other notable challenges included difficulty keeping up with security updates and emerging threats (33; 17.6%) and the complexity of managing dependencies (23; 12.3%). Insufficient community support was the least cited issue, reported by only 11 respondents. In addition, security testing and balance of security with other quality attributes each received 14 responses. On average, respondents selected approximately three distinct challenges, underscoring that obstacles are multifaceted rather than isolated. … At the tool level (Table 8), the obstacle most frequently reported was a high false-positive rate in security scans (35 responses; 30.2%), followed by inaccurate vulnerability detection and limited automation for dependency management. The least reported issue was integration difficulties with CI/CD pipelines (7 responses). Comments in the “Other” category included licensing constraints, overreliance on dependencies, and tools limited to static analysis. … Summary for RQ3. Time constraints are the most frequently cited barrier to secure package development, with other challenges including difficulties in keeping up with security updates and managing dependencies. At the tool level, a high false-positive rate in security scans was the most frequently reported issue, while CI/CD integration issues are comparatively rare. … Supply Chain Vulnerabilities and Ecosystem Fragility. Our findings confirm that supply chain attacks and dependency vulnerabilities are developers’ primary concerns in the npm ecosystem, with free-text responses describing trust issues with maintainers, unmaintained dependencies, and risky post-install scripts. These results align with broader research showing that attackers exploit three main vectors: injecting vulnerabilities into dependencies, compromising build infrastructure, and targeting developers through social engineering (Williams et al., 2025). Addressing these issues necessitates better auditing tools, registry monitoring, and enhanced governance and community practices for secure maintenance. Dependency Problems and Discontinuation Decisions. There is notable variability in dependency update practices among developers: some adopt proactive, automated strategies, while others never update dependencies unless prompted by external events. This variability increases systemic risk, as outdated and abandoned dependencies persist in the ecosystem. When developers do discontinue dependencies, the most frequent drivers are package abandonment and unpatched vulnerabilities, further highlighting the fragility of the dependency network.

Even so, without an organized approach to managing npm packages, organizations will end up facing significant risks, including security issues resulting from vulnerabilities, non-compliance with licensing, and issues with poorly maintained packages. That’s where this article comes in. ... When using npm packages across an organization, creating clear standards helps avoid issues like version conflicts and security vulnerabilities. Managing internal repositories requires a bit of a different approach to open-source community repositories. Three key practices for doing this are: **⭐ Use Scopes**: represented by prefixes like `@my-org/package-name`, these help prevent dependency confusion and ensure organizational identity. … ### npm Package Approval Flows & Connectors Using npm packages in development directly from npmjs.org is pretty common, but a *big * risk, especially at enterprise level. Quality, security, and licensing of npm packages vary widely, and could expose your projects to vulnerabilities or legal issues. The sheer number of npm packages and dependencies (potentially 1000+ in any given project) can also overwhelm your team, increasing the chance of errors and security oversights. To get around this, organizations should implement processes to make sure only approved npm packages are used in development. There are a couple of options for this: **💡 A package approval workflow** to vet and promote packages to an “approved” repository, making sure developers can only use packages assessed as safe for production **💡 Filtering npm packages** by scope to block unverified ones by default. … ## Maintaining npm Package Integrity and Safety ... Vulnerabilities in npm packages can lead to anything from data breaches or code injection attacks to unauthorized access to sensitive information. Running `npm audit` helps identify these vulnerabilities, but it can be difficult to determine which *actually * pose a risk since this only provides a severity rating, not a detailed risk assessment. Just because a package’s severity is “**high**”, doesn’t necessarily mean it’s easily exploitable. Addressing vulnerabilities shouldn’t just be a case of upgrading packages blindly, as you may just end up with new issues or broken functionality. Instead, you should be assessing each vulnerability individually, determining the actual risk it poses to your development. Package managers like ProGet can help with this process by assessing vulnerabilities based on your organization’s operational profile, and providing actionable guidance via its PVRS categorizations, avoiding the review fatigue that comes with manually assessing all of a project’s package vulnerabilities. ### npm Dependencies with Lock Files Part of managing npm dependencies is dealing with version conflicts. If one developer installs Express version `4.16.0` and another installs `4.18.0`, this can lead to compatibility issues and a broken application. Lock files (e.g., `package-lock.json`) resolve these issues by recording exact package versions, ensuring all team members work with the same environment. To make dependency management smoother, you should: ⭐ **Commit lock files regularly**: This keeps versions consistent across all environments. ⭐ **Specify precise version ranges in `package.json`**: Avoid potential conflicts and keep things predictable. ⭐ **Update dependencies regularly**: Keep your app secure and benefit from the latest features and bug fixes. ⭐ **Use a private package repository**: Using a private package repository like ProGet gives you more control over what packages get used in production. That covers the safety of packages and development, but doesn’t really make sure your npm packages meet your organization’s legal and compliance needs. ... Relying on npm tags like “`latest`” or “`next`,” when managing npm packages in development can lead to dependency conflicts and unexpected breakages. Let’s say one developer tags a pre-release version as “`alpha`” and another developer uses the same tag for a different pre-release version, the original tag can be overwritten. This is a big deal in CI/CD workflows, where unstable code can easily slip into production, causing all kinds of headaches. … ## Effective npm Management in Your Organization Managing npm packages in your organization can be tricky—security risks, legal issues, and poorly maintained packages are just the start. Throw in version conflicts and audit fatigue, and it can quickly get overwhelming. To stay ahead, it’s important to establish clear npm practices like using scoped packages, enforcing Semantic Versioning, and automating license compliance. Implementing approval workflows, running regular vulnerability assessments, and using lock files can help keep things secure. Tools like ProGet can also make the process easier and reduce risks.

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community. ## Let’s start with the original problem Historically, npm relied on classic tokens: long-lived, broadly scoped credentials that could persist indefinitely. If stolen, attackers could directly publish malicious versions to the author’s packages (no publicly verifiable source code needed). This made npm a prime vector for supply-chain attacks. Over time, numerous real-world incidents demonstrated this point. Shai-Hulud, Sha1-Hulud, and chalk/debug are examples of recent, notable attacks. ## npm’s solution To address this, npm made the following changes: 1. npm revoked all classic tokens and defaulted to session-based tokens instead. The npm team also improved token management. Interactive workflows now use short-lived session tokens (typically two hours) obtained via npm login, which *defaults* to MFA for publishing. 2. The npm team also encourages OIDC Trusted Publishing, in which CI systems obtain short-lived, per-run credentials rather than storing secrets at rest. … ## Two important issues remain First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s console. If you look at the original email attached below, you can see it was an MFA-focused phishing email (nothing like trying to do the right thing and still getting burned). The campaign tricked the maintainer into sharing both the user login and one-time password. This means in the future, similar emails could get short-lived tokens, which still give attackers enough time to upload malware (since that would only take minutes). Second, MFA on publish is optional. Developers can still create 90-day tokens with MFA bypass enabled in the console, which are extremely similar to the classic tokens from before. These tokens allow you to read and write to a token author’s maintained packages. This means that if bad actors gain access to a maintainer’s console with these token settings, they can publish new, malicious packages (and versions) on that author’s behalf. This circles us back to the original issue with npm before they adjusted their credential policies. To be clear, more developers using MFA on publish is good news, and future attacks should be fewer and smaller. However, making OIDC and MFA on-publish *optional* still leaves the core issue unresolved. In conclusion, if (1) MFA phishing attempts to npm’s console still work and (2) access to the console equals access to publish new packages/versions, then developers need to be aware of the supply-chain risks that still exist. … 3. At a minimum, it would be nice to add metadata to package releases, so developers can take precautions and avoid packages (or maintainers) who do not take supply chain security measures. In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, identity-bound credentials become the norm — and MFA bypass is no longer required for automation — supply-chain risk from compromised build systems remains materially present.

Many developers feel GitHub has left npm to stagnate since its 2020 acquisition, doing just enough to keep it running while neglecting innovations. Security problems and package spam have only intensified these frustrations. Yet these newcomers face the same harsh reality that pushed npm into GitHub's arms: running a package registry costs serious money -- not just for servers, but for lawyers handling trademark fights and content moderation. Many developers feel GitHub has left npm to stagnate since its 2020 acquisition, doing just enough to keep it running while neglecting innovations. Security problems and package spam have only intensified these frustrations. Yet these newcomers face the same harsh reality that pushed npm into GitHub's arms: running a package registry costs serious money -- not just for servers, but for lawyers handling trademark fights and content moderation. ## "Problem: There are now 28 competing standards." (Score:2) ## Re: (Score:3) ... You can publish any sort of tool for others to use in their projects easily, and on the other side you can find a tool for almost anything you need. But the idea of just changing the code you fetch to suit your needs has become an extremely difficult problem to solve. You can't just go edit the code to fix it for your case and push it to your team's repo, and send a patch to the owner if you think it helps. No. Now you gotta go up to th

1) Performance Issues: npm can sometimes suffer from performance issues, especially in large-scale projects with many dependencies. Some developers find Yarn and pnpm faster. Slow installation times and high resource consumption may impact developer productivity and build times. 2) Versioning Complexity: Managing package versions and dependency conflicts can be very challenging with npm, particularly in projects with complex dependency trees. 3) Security Concerns: npm packages are not immune to security vulnerabilities, and relying on third-party code introduces potential risks to projects. 4) Dependency Bloat: npm's default behavior of installing packages locally can lead to dependency bloat, where projects accumulate unnecessary dependencies over time. Please dont take as I am defaming the NPM these are the problem I found with NPM while I was working on monorepos

**TL;DR:** The npm ecosystem is dangerously fragile. The September 2025 attack exposed deep, systemic flaws in how we manage and secure open source packages. Fixing this requires more than patching vulnerabilities—we need structural reforms, from governance to cryptographic safeguards. The npm package registry is the beating heart of modern software development. But in September 2025, that heart skipped a beat. A coordinated attack compromised several high-traffic npm packages, affecting projects downloaded over 2 billion times. While the breach was detected quickly, the implications run far deeper than a single incident. ... When attackers breached multiple npm packages—some with billions of downloads—they didn’t just exploit individual weaknesses. They exposed systemic issues in how the ecosystem operates. According to OX Security’s analysis, attackers used social engineering and credential theft to gain access to maintainer accounts. ... It was a failure of the system that puts critical infrastructure in the hands of unpaid volunteers with few safeguards. ### Why the Current npm Model Is Broken The npm ecosystem relies on a few core assumptions that no longer hold up under scrutiny: #### 1. **Single Maintainer Control Is a Risk** Many popular packages are maintained by one or two individuals. If their credentials are compromised—or if they burn out—the entire chain of dependent software is at risk. We need **multi-party authorization** for publishing updates to high-impact packages. #### 2. **Lack of Cryptographic Verification** Right now, anyone with access to a maintainer account can publish a new version of a package. Without **cryptographic package signing using hardware security keys**, there’s no end-to-end trust in what developers are installing. #### 3. **Weak Authentication Practices** The attack succeeded in part due to phishing and weak authentication. For critical packages, we need **phishing-resistant authentication**, such as mandatory hardware tokens or biometric verification. #### 4. **No Economic Support for Maintainers** Expecting unpaid individuals to secure core infrastructure is unrealistic. We need **economic models** that provide sustainable funding for security audits, maintenance, and incident response. #### 5. **Orphaned Packages Create Risk** When maintainers step away, critical packages can become orphaned. Without a **governance structure** to take over responsibility, these packages become soft targets for attackers. #### 6. **Manual Security Reviews Don’t Scale** Given the volume of updates, **automated security review processes** are essential. These can flag anomalies, detect malicious patterns, and reduce the burden on human reviewers. #### 7. **No Community-Led Oversight** We need **community-driven security committees** for widely used packages like `chalk`, `debug`, and `lodash`. These groups can provide oversight, coordinate responses, and enforce best practices. ### Key Takeaways **Centralized control is a vulnerability**: Critical packages should require multi-party approval for updates. **Trust must be verifiable**: Implement cryptographic signing and hardware-based authentication. **Security requires resources**: Fund and support maintainers of essential packages. **Governance matters**: Create fallback structures for maintaining orphaned or high-risk dependencies. **Scale with automation**: Use automated tools to review and flag suspicious updates. … • Continuous Integration and Continuous Deployment (CI/CD): Building a Better Future One Commit at a Time – CI/CD practices are closely tied to npm workflows; this article explores how better tooling and automation can solve ecosystem pain points such as dependency issues and deployment reliability. • Why “Move Fast and Break Things” Might Break Your Business – This piece critiques the rapid iteration culture that often leads to fragile package ecosystems, offering a philosophical counterpoint relevant to npm’s current challenges and the need for more responsible development practices.

`package.json` which will satisfy a dependency), it is all but impossible to say exactly *what* you’ll get *a priori*, as large parts of the dependency graph may change substantially between package versions. Really, all of this simply compounds the root problem: well meaning development principles have been pushed to their logical extreme. This ultimately makes simply understanding what you’ll get with a given install an almost impossibly hard problem. This is doubly true if you want to develop anything more than a cursory understanding of the stuff that sits upstream from your development efforts – not mentioning the authors and maintainers *behind* those packages. … ### It Only Gets Worse While all of this seems bad enough, what about updates to those 7,000 existing packages? Even if we have undeniable proof that all of the authors sitting upstream are honest and well intentioned, what happens if they suffer a credential breach, like the relatively-recent one suffered by Docker Hub? Additionally, what if their account credentials are compromised in some other way? … *thousands* of third party dependencies for a single library is astronomical – especially when you consider that many of those packages (especially in the NPM ecosystem) are less than 5 (not 500, or 5k, but 5) Source Lines Of Code (SLOC) in length. While that is generally not a great measure of effectiveness, the risk/reward and maintenance trade-offs of incorporating libraries which have many times more text in licenses and packaging files (such as build files, manifests, etc) than what resides within the body of the package itself is absolutely terrible.

## The Current State: A Security Disaster Waiting to Happen Let's be honest about what we're dealing with. Today's package ecosystems operate on a foundation of trust that's fundamentally incompatible with the reality of modern software supply chains: - **Anyone can publish anything** with minimal verification - **Updates can be instant** with no cooling-off period for review - **Dependencies nest infinitely** creating attack surfaces developers never see - **Maintainer accounts are single points of failure** protected only by traditional 2FA … ### 3. Phishing-Resistant Authentication **Stop using TOTP codes.** They're fundamentally phishable and inadequate for critical infrastructure. - **Passkeys/WebAuthn only** for package publishing - **Hardware security keys** for npm accounts - **Domain-bound authentication** that can't be proxied Passkeys are unphishable by design because they're cryptographically bound to the correct domain. An attacker can create a perfect replica of npmjs.com, but they can't make passkeys work on npmjs.help. … ### 5. Transparent Build Processes **Source code should match published packages.** The disconnect between GitHub repositories and npm packages is a massive security hole. - **Provenance attestation** linking packages to source commits - **Reproducible builds** that can be verified by third parties - **Automated scanning** of source-to-package differences