Zach Leat is a frontend developer and accessibility advocate known for his expertise in web typography and design systems. Readers can learn about typography principles, web design trends, and accessibility best practices. With articles, tutorials, and design showcases, Zach Leat provides  guidance and inspiration for creating visually appealing and accessible web experiences.

Zach Leatherman

Comprehensive guide to securing npm package publishing workflows in response to recent supply chain attacks. Covers eliminating access tokens in favor of OIDC Trusted Publishers, implementing 2FA requirements, using password managers, pinning GitHub Actions dependencies, checking in lock files, and restricting publishing access. Includes detailed security checklist with specific configuration steps for GitHub and npm, plus additional recommendations like immutable releases and package manager cooldowns.

No more tokens! Locking down npm Publish Workflows—zachleat.com