I wonder if both are possible with a trust system where releases can be approved or signed by community members. This way we can have automatic semver updates for releases approved by people we trust.
Something like "I trust NPM so accept all releases that NPM has approved". Large companies could have their own internal approval keys etc.
Something like "I trust NPM so accept all releases that NPM has approved". Large companies could have their own internal approval keys etc.