From 08c36e688e8635733f92080eb3598239d43259cb Mon Sep 17 00:00:00 2001 From: Marc Bernard <59966492+mbtools@users.noreply.github.com> Date: Wed, 24 Aug 2022 11:59:08 -0400 Subject: [PATCH] docs: add statement about npm security best practices (#3324) OWASP is explicitly mentioning Verdaccio in one of their recommendations for npm security best practices. It's high praise so should be mentioned in a central place. If not here, you might find another page to add it. --- website/docs/what-is-verdaccio.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/docs/what-is-verdaccio.md b/website/docs/what-is-verdaccio.md index 60ea0f59d..8d51cb1e1 100644 --- a/website/docs/what-is-verdaccio.md +++ b/website/docs/what-is-verdaccio.md @@ -5,6 +5,9 @@ title: "What is Verdaccio?" Verdaccio is a **lightweight private npm proxy registry** built in **Node.js** +Using a private npm registry like Verdaccio is one of the [Top 10 NPM Security Best Practices](https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html#6-use-a-local-npm-proxy) +recommended by the Open Web Application Security Project ([OWASP](https://owasp.org/)). + ## What's a registry? {#whats-a-registry}
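Review bot: The added paragraph in the hunk at `@@ -5,6 +5,9 @@` relies on a deep anchor (`#6-use-a-local-npm-proxy`) into the OWASP cheat sheet, and the link text ("Top 10 NPM Security Best Practices") does not match the page it points at (the "NPM Security Cheat Sheet"); please confirm the anchor resolves and consider naming the linked page in the link text so the reference does not silently break if OWASP renumbers its sections. It would also help readers if the sentence said in a few words why a local proxy is recommended (the section title in the URL, "use a local npm proxy", is the only hint), rather than leaving the claim as an appeal to authority. Minor: the preceding context line `Verdaccio is a **lightweight private npm proxy registry** built in **Node.js**` has no terminating period, which this paragraph now follows directly; worth fixing while touching the file.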