Securing npm is table stakes (Interview)

单集文稿 ...

• 00:08

  Welcome friends, I'm Jared and you are listening to The Change Log,

• 00:13

  where each week we interview the hackers, the leaders, and the innovators of the software world.

• 00:17

  As the creator and longtime maintainer of ESLint,

• 00:20

  Nicholas Zakis is well positioned to criticize GitHub's recent response to NPMs and security.

• 00:26

  He found their response insufficient and has other ideas on how GitHub could secure NPM better.

• 00:32

  On this episode, Nicholas details his ideas, paints a bleak picture of NPM alternatives like JSR,

• 00:37

  and shares our frustration that such a critical piece of internet infrastructure feels neglected.

• 00:43

  But first, a big thank you to our partners at fly.io, the platform for devs who just want to ship.

• 00:49

  Build fast, run any code fearlessly at fly.io.

• 00:53

  Okay, Nicholas Akis talking NPM on the changelog.

• 00:56

  Let's do it.

• 01:04

  This is the year we almost break the database.

• 01:08

  Let me explain.

• 01:09

  Where do agents actually store their stuff?

• 01:12

  They've got vectors, relational data, conversational history, embeddings,

• 01:17

  and they're hammering the database at speeds that humans just never have done before.

• 01:23

  And most teams are duct taping together a Postgres instance,

• 01:27

  a vector database, maybe Elasticsearch for search.

• 01:30

  It's a mess.

• 01:32

  Well, our friends at TigerData looked at this and said, what if the database just understood agents?

• 全部文稿