gaearon/overreacted.io

Link to "npm audit is a security theater" bug report

matkoniecz opened this issue · 0 comments

One thing that is missing from https://overreacted.io/npm-audit-broken-by-design/ is a link to a proper bug report.

I see npm/cli#3930 that was closed (!!!) because it was being discussed at npm/rfcs#422.

Like THAT would even partially solve the ongoing severe bug.

Maybe also mention that they close bug reports under the pretext that it is discussed somewhere?