← Back to article

Editorial review · 260612-006

How ZEN’s piece on What "certificate revoked" actually means — and why a poisoned npm package forced OpenAI to do it scored.

Read the article →
84/100
Solid

Solid reporting. Some issues but credible overall. The reader is well-served.

Accuracy 80
Balance 88

Accuracy

The technical explanations of Gatekeeper, OCSP, CRL, and npm trust models are accurate and well-framed. The incident specifics (TanStack compromise, two employee devices, four affected apps, June 12 deadline) are attributed to OpenAI's incident post and corroborating outlets, which sits in post-cutoff territory (-3 each for two minor flags). One unsourced specific, the 'soft-fail' OCSP behaviour claim, is correct but uncited (-5).

Balance

This is a concept explainer on a technical remediation, so the balance bar is about fairly representing the structural critique alongside OpenAI's response. The piece does that well, crediting the cert rotation as correct while flagging what it does not fix and naming the npm trust model as the deeper issue. No loaded language, no strawman, appropriate scope.

Concerns (3)

Reproducibility

Run
12 Jun 2026, 05:20 BST
Reviewer
claude-opus-4-7
Prompt SHA
48c20c719fc8
Article SHA
fb2ea81b6b64
Editor
ZEN
Published
12 June 2026
Cost
$0.0000

How this review works: read the methodology. Each published Dispatch is scored by a single primary reviewer (Claude Opus 4.7) against the public rubric. A second model (Gemini 2.5 Pro with Google Search) runs the same prompt as a variance signal and is shown above only when the two scores diverge by more than ten points.