Why is there no secure npm?
I want to use some of the build tools, but there is no way to judge if packages are secure.
Presumably many organisations are vetting code they use, so many packages have been checked, but the information is not public...