About
Phil Nash is a developer relations engineer for Langflow at IBM. Sometimes he writes code on stage in front of a crowd, hoping everything just works. Sometimes he writes open source code, which is much less stressful because if it is wrong someone else can correct it. He writes code in tweets or toots sometimes, but not much fits. He has been known to live code on Twitch and if you're looking for code here, check out the blog.
Blog
The latest post from Phil's blog.
Things you need to do for npm trusted publishing to work
After the recent supply chain attacks on the npm ecosystem, notaby the Shai-Hulud 2.0 worm, GitHub took a number of actions to shore up the security of publishing packages to hopefully avoid further attacks. One of the outcomes was that long-lived npm tokens were revoked in favour of short-lived tokens or using trusted publishing.
See all blog posts.