Looking to integrate WPS Office into a project and went to npm to find the SDK. Found several packages with WPS Office related names and most of the documentation is in Chinese which makes it harder to verify which one is actually official or at least trustworthy. Not trying to be paranoid but supply chain attacks through npm packages are a real concern and installing an unofficial or malicious package is exactly the kind of thing I want to avoid before pulling anything into a production project. Is there an officially published WPS Office SDK on npm that WPS maintains directly and if so what is the exact package name? For any packages that aren't directly from them, is there a way to verify they're trustworthy before using them? submitted by /u/archer02486 [link] [comments]