18F / development-guide

A set of guidelines and best practices for an awesome software engineering team
https://engineering.18f.gov

Always recommend the 18F scope for published NPM packages #286

Closed aduth closed 2 years ago

aduth commented 3 years ago

This pull request proposes to change recommendations around publishing NPM packages to always recommend the use of the 18F organization for scoping, as a way to...

The last of these points has already happened within TTS: for a time, a malicious package uswds-gulp existed, purporting to be the uswds/uswds-gulp toolchain. Scoped packages help to avoid these sorts of attacks, because only members of the organization are allowed to publish packages using the scope.

I had raised this as a discussion point in Slack some time ago, but only today realized we have guidance around it.

Reading the previous guidance, I do see some merit to the idea that packages with no necessary association with 18F needn't be scoped as such, though personally I see the advantages of scoping outweighing this. I'm very open to other viewpoints, however!

github-actions[bot] commented 3 years ago
Pa11y testing results

```
> development-guide@1.0.0 pa11y-ci:sitemap /home/runner/work/development-guide/development-guide
> pa11y-ci --sitemap https://engineering.18f.gov/sitemap.xml --sitemap-find https://engineering.18f.gov --sitemap-replace http://localhost:4000 --sitemap-exclude "/*.pdf"

Running Pa11y on 39 URLs:
> http://localhost:4000/architecture-reviews/ - 0 errors
> http://localhost:4000/architecture-reviews/data-act-pilot/ - 0 errors
> http://localhost:4000/architecture-reviews/micro-purchase/ - 0 errors
> http://localhost:4000/accessibility-scanning/ - 0 errors
> http://localhost:4000/browser-testing/ - 0 errors
> http://localhost:4000/code-review/ - 0 errors
> http://localhost:4000/continuous-deployment/ - 0 errors
> http://localhost:4000/datastore-selection/ - 0 errors
> http://localhost:4000/development-environments/ - 0 errors
> http://localhost:4000/css/ - 0 errors
> http://localhost:4000/docker/ - 0 errors
> http://localhost:4000/incident-reports/ - 0 errors
> http://localhost:4000/example-workflows/ - 0 errors
> http://localhost:4000/incident-reports/cloud-gov/ - 0 errors
> http://localhost:4000/frontend/ - 0 errors
> http://localhost:4000/ - 0 errors
> http://localhost:4000/language-selection/ - 0 errors
> http://localhost:4000/integrations/ - 0 errors
> http://localhost:4000/javascript/ - 0 errors
> http://localhost:4000/license/ - 0 errors
> http://localhost:4000/markdown/ - 0 errors
> http://localhost:4000/laptop-setup/ - 0 errors
> http://localhost:4000/people/assessment/ - 0 errors
> http://localhost:4000/people/ - 0 errors
> http://localhost:4000/nodejs/ - 0 errors
> http://localhost:4000/project-setup/ - 0 errors
> http://localhost:4000/resources/ - 0 errors
> http://localhost:4000/python/ - 0 errors
> http://localhost:4000/ruby/ - 0 errors
> http://localhost:4000/release-strategies/ - 0 errors
> http://localhost:4000/security/ - 0 errors
> http://localhost:4000/security/dependency-remediation/ - 0 errors
> http://localhost:4000/security/content-security-policy/ - 0 errors
> http://localhost:4000/security/cloud-services/ - 0 errors
> http://localhost:4000/security/output-encoding/ - 0 errors
> http://localhost:4000/security/incident-response-drills/ - 0 errors
> http://localhost:4000/web-architecture/ - 0 errors
> http://localhost:4000/sharepoint/ - 0 errors
> http://localhost:4000/workflow/ - 0 errors

✔ 39/39 URLs passed
```
Sgtpluck commented 2 years ago

Thanks @aduth! I think this is a great update. Just FYI, you can request @echappen or me on PRs to the handbook to make sure we see them more quickly.

aduth commented 2 years ago

Will do in the future! Thanks @Sgtpluck