Not sure if this has already been posted since it’s kind of old news (early 2024), but I think that’s exciting. I’m currently looking into blog software with a nice web GUI and I might wait for this to become real. Looking at the announcement page, they seem to take it seriously and there have been continuous merged PRs from April until recently regarding AP on their GitHub.
What’s insecure about them?
The npm package manager is vulnerable to MITM attacks. The packages aren’t signed like, for example, apt’s are.