by Vinnl 2899 days ago
Just because it hasn't happened doesn't mean that slowing down would prevent it. There are plenty of reasons why certain projects could be a target and some others are not - the sheer size of the npm ecosystem could, for example, be an important factor.

That said, Debian is an interesting example, because they have indeed slowed down significantly (i.e. not "a bit") compared to e.g. Maven and npm, and have significantly more manual checks. I do believe that that helps them a lot in being less vulnerable, but I also believe that that approach is far more viable for their use case than for e.g. Maven and npm.

1 comment

Debian has regular key-signing parties, bit-for-bit gpg-signed reproducible builds, human vetting before access / upload is allowed.

https://www.debian.org/devel/join/nm-step3

https://www.debian.org/devel/join/nm-step7
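The "bit-for-bit reproducible builds" the reply above refers to come down to a concrete check: the original build records the SHA-256 of every artifact in the `Checksums-Sha256:` block of a `.buildinfo` file (which the uploader OpenPGP-signs), and an independent rebuilder builds the same source again and compares. The script below is an added illustration of that comparison, written for this thread; it is not Debian's tooling or code from either commenter. The artifact bytes, package names and the `hello` source name are constructed for the example, and verifying the signature on the `.buildinfo` itself (done with `gpg --verify` on the clearsigned file) is left outside the block.

```python
"""Reproducibility check in the style of Debian's .buildinfo files.

Added example for this thread, not code from Debian or from the commenters.
The original build records the SHA-256 and size of each artifact under a
'Checksums-Sha256:' field; a rebuilder compares its own output against that
record. Artifact bytes below are constructed; signature verification of the
.buildinfo (gpg --verify on the clearsigned file) is not part of this block.
"""
import hashlib
import re

# One continuation line of the block: " <sha256 hex> <size> <filename>"
CHECKSUM_LINE = re.compile(r"^ ([0-9a-f]{64}) (\d+) (\S+)$")


def format_checksums_sha256(files, source="hello", arch="amd64"):
    """Emit a minimal .buildinfo-style text containing a Checksums-Sha256 block.

    `files` maps artifact name -> bytes. Entries are sorted by name so the
    generated record is itself deterministic.
    """
    lines = ["Format: 1.0", f"Source: {source}", "Checksums-Sha256:"]
    for name in sorted(files):
        data = files[name]
        lines.append(f" {hashlib.sha256(data).hexdigest()} {len(data)} {name}")
    lines.append(f"Build-Architecture: {arch}")
    return "\n".join(lines) + "\n"


def parse_checksums_sha256(text):
    """Return {name: (sha256_hex, size)} parsed from the Checksums-Sha256 block.

    The block is the 'Checksums-Sha256:' field line followed by continuation
    lines starting with a single space; it ends at the next field line.
    Malformed or duplicate entries are rejected rather than skipped.
    """
    recorded = {}
    in_block = False
    for line in text.splitlines():
        if line == "Checksums-Sha256:":
            in_block = True
            continue
        if not in_block:
            continue
        if not line.startswith(" "):
            break  # reached the next field
        m = CHECKSUM_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, size, name = m.groups()
        if name in recorded:
            raise ValueError(f"duplicate entry for {name}")
        recorded[name] = (digest, int(size))
    if not in_block:
        raise ValueError("no Checksums-Sha256 block found")
    return recorded


def verify_rebuild(recorded, rebuilt):
    """Compare a rebuild's artifacts against the recorded checksums.

    Returns sorted lists: 'reproduced' (size and hash match), 'differs'
    (present but bytes changed), 'missing' (recorded but not rebuilt) and
    'unexpected' (rebuilt but never recorded).
    """
    report = {"reproduced": [], "differs": [], "missing": [], "unexpected": []}
    for name, (digest, size) in recorded.items():
        if name not in rebuilt:
            report["missing"].append(name)
            continue
        data = rebuilt[name]
        if len(data) == size and hashlib.sha256(data).hexdigest() == digest:
            report["reproduced"].append(name)
        else:
            report["differs"].append(name)
    report["unexpected"] = [n for n in rebuilt if n not in recorded]
    for key in report:
        report[key].sort()
    return report


def is_reproducible(report):
    """Bit-for-bit reproducible means nothing differs, is missing, or is extra."""
    return not (report["differs"] or report["missing"] or report["unexpected"])


# Constructed artifacts: the rebuild (BUILD_B) embeds a different build
# timestamp in the arch-specific .deb, a classic source of non-reproducibility;
# the arch-independent doc package comes out identical.
BUILD_A = {
    "hello_1.0-1_amd64.deb": b"<constructed deb, built 2024-01-01T00:00:00Z>",
    "hello-doc_1.0-1_all.deb": b"<constructed doc deb, no timestamp inside>",
}
BUILD_B = {
    "hello_1.0-1_amd64.deb": b"<constructed deb, built 2024-01-02T13:37:00Z>",
    "hello-doc_1.0-1_all.deb": b"<constructed doc deb, no timestamp inside>",
}

RECORDED = parse_checksums_sha256(format_checksums_sha256(BUILD_A))
REPORT = verify_rebuild(RECORDED, BUILD_B)

if __name__ == "__main__":
    print(format_checksums_sha256(BUILD_A))
    print(REPORT, "reproducible:", is_reproducible(REPORT))
```

The parser stops at the first non-continuation line, so fields after the block (`Build-Architecture:` here) are not mistaken for checksum entries, and it refuses malformed or duplicate lines instead of silently dropping them. The point of the thread is that a passing comparison only means something once the `.buildinfo` signature has been checked against a key that went through Debian's vetting process; the hash comparison alone tells you the rebuilder and the uploader got the same bytes, not who the uploader was.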