by dboreham
2765 days ago
I must be misunderstanding the attack: didn't it involve checking in malicious code to a repo used to build a package published in npm? Or are you suggesting that all code in GitHub should be considered untrusted, but somehow able to be verified by npm?