by imposterr
2425 days ago
How do you stop someone from forking the project on GitHub, adding in a manifest, and then pushing to a package repository like npm? Is there a risk of popular projects that are distributed through GitRoyalty having unofficial versions with malicious code on the package repositories, similar to how typo-squatting works?

These issues already exist in the world of open source, as you note, and the only way that I know of to stop it would be to have a more restrictive license (and to pursue any violations).