PREPRINT: Can the OpenSSF Scorecard be used to measure the security posture of npm and PyPI?
The OpenSSF Scorecard project is an automated tool to monitor the security health of open source software. We used the tool to understand the security practices and gaps in npm and PyPI ecosystems and to confirm the applicability of the Scorecard tool.
READ FULL TEXT