by pilif
3238 days ago
>They should first get package signatures implemented, it's a bigger threat to the npm community

Considering that signature checking would not have prevented this attack that has actually happened, I would say that not having signed packages is not in fact the bigger threat. Or can you point us to a prior example of a successful attack that could have been thwarted with proper signature checking?