NPM Security Insights API (opens in new tab)

They are revealing to the public if a package maintainer used Tor or 2FA. I do not think that information should be made public.