A large part of npm's staggering success is the very low friction to publish packages. I worry that any mitigation that slows down the publishing side of things would kill innovation in the ecosystem.
Got it. Yea I agree that's useful and easy mitigation, and I'm sure enterprise users would certainly pay for other safety labeling/filtering/signing of packages.
