Creation of Signed Packages Infrastructure for Node.js

A blockchain-based solution to protect the Node.js ecosystem from supply-chain attacks.

The Problem

There have been many supply-chain attacks on projects carried out through fake or tainted Node.js packages. The basis for these attacks is complete anonymity: packages do not even carry a signature.

Our Solution

We plan to use our experience in blockchain technologies to create a new infrastructure for Node.js in which packages must be signed by developers and developer teams. Authorized signatures will be elected by the user and developer community.

Key Features

  • Cryptographic package signing using blockchain technology
  • Developer and team identity verification
  • Community-elected trust system for authorized signatures
  • Transparent audit trail for all package changes
  • Protection against supply-chain attacks

funding.json