by aichi
2746 days ago
It is not about a PR with malicious code, I expect. I think the PR which will have backdoor code would bump the version of some dependency package only. Like the targeted attack on a Bitcoin wallet a few weeks ago. If you or your company isn't scanning dependencies you would never discover it.
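As an added illustration of the review check this comment calls for (not code from the thread), the script below diffs two lockfile snapshots and flags a PR whose only change is a dependency bump. Package names, versions and integrity strings are constructed samples, and the manifest filename list is an assumption.

```python
"""Flag dependency version bumps in a pull request by diffing two
package-lock.json snapshots: the 'version bump only' PR shape."""
import json
from typing import Dict, List, Tuple

# Constructed sample lockfiles (names, versions and hashes are made up):
# the base branch and the same file after a hypothetical PR.
BASE_LOCK = json.dumps({"dependencies": {
    "lib-a": {"version": "1.3.0", "integrity": "sha512-AAAA"},
    "lib-b": {"version": "3.3.4", "integrity": "sha512-BBBB"},
}})
PR_LOCK = json.dumps({"dependencies": {
    "lib-a": {"version": "1.3.0", "integrity": "sha512-AAAA"},
    "lib-b": {"version": "3.3.6", "integrity": "sha512-CCCC"},
    "lib-c": {"version": "0.1.1", "integrity": "sha512-DDDD"},
}})


def parse_lock(text: str) -> Dict[str, Tuple[str, str]]:
    """Return {name: (version, integrity)} from a package-lock.json blob."""
    deps = json.loads(text).get("dependencies", {})
    return {n: (d.get("version", ""), d.get("integrity", "")) for n, d in deps.items()}


def dependency_changes(base: str, pr: str) -> List[Tuple[str, str, str, str]]:
    """List (kind, name, old, new) for added, removed, bumped or re-hashed
    packages. A changed integrity hash with an unchanged version is reported
    too, because that is what a swapped artifact looks like in a lockfile."""
    before, after = parse_lock(base), parse_lock(pr)
    changes = []
    for name in sorted(set(before) | set(after)):
        if name not in before:
            changes.append(("added", name, "", after[name][0]))
        elif name not in after:
            changes.append(("removed", name, before[name][0], ""))
        elif before[name][0] != after[name][0]:
            changes.append(("bumped", name, before[name][0], after[name][0]))
        elif before[name][1] != after[name][1]:
            changes.append(("rehashed", name, before[name][1], after[name][1]))
    return changes


def pr_touches_only_dependencies(changed_files: List[str]) -> bool:
    """True when a PR changes nothing but manifest/lock files (assumed list),
    i.e. the bump-only PR that deserves a closer look before merging."""
    manifests = {"package.json", "package-lock.json", "yarn.lock",
                 "requirements.txt", "Pipfile.lock", "go.sum", "Cargo.lock"}
    return bool(changed_files) and all(f.rsplit("/", 1)[-1] in manifests for f in changed_files)


if __name__ == "__main__":
    for change in dependency_changes(BASE_LOCK, PR_LOCK):
        print(change)
```

In CI, pairing `pr_touches_only_dependencies` with the change list turns a silent bump into a review comment that names the package and both versions.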