Who really published this package? Am I getting the same package this person published? Does this package have vulnerabilities? Is this package malware? These are questions we all ask about packages on the npm registry, and the answers are important to us as we develop services and applications with the code shared there. C J Silverio, CTO of npm, Inc., tells you how you can answer these questions and what npm is doing to allow the Node world to share code with confidence.