Update 1 and add 1 link

ericcornelissen · ericcornelissen · commit cadc8f6ef42e · 2025-11-23T11:11:03.000+01:00
diff --git a/chains-opensource.md b/chains-opensource.md
@@ -25,6 +25,7 @@ The project's contributions to the open-source infrastructure.
   * [Search docker images by checksums sha256](https://github.com/docker/roadmap/issues/663)
 * npm
   * [[RRFC] Locally computed integrity values in the lockfile](https://github.com/npm/rfcs/issues/757)
+  * [[RRFC] Disallow external dependencies on the npm registry](https://github.com/npm/rfcs/issues/843)
 
 Applications:
 * Key contributions to make [go-ethereum / geth reproducible](https://github.com/ethereum/go-ethereum/issues/28987)
diff --git a/index.md b/index.md
@@ -44,7 +44,7 @@ To get notified about project news, subscribe to the [Chains mailing list](https
 (reverse chronological order, newest first)
 
 * 2025
-  - [NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.js](https://arxiv.org/abs/2508.13750), ACM CCS, 2025.
+  - [NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.js](https://doi.org/10.1145/3719027.3765136), ACM CCS, 2025.
   - [GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement](http://arxiv.org/pdf/2505.11016), Technical report 2505.11016, arXiv, 2025.
   - [The Design Space of Lockfiles Across Package Managers](http://arxiv.org/pdf/2505.04834), Technical report 2505.04834, arXiv, 2025.
   - [Canonicalization for Unreproducible Builds in Java](https://arxiv.org/abs/2504.21679), Technical report 2504.21679, arXiv, 2025.
