by ex_amazon_sde
1957 days ago
I'm not sure what point you are making. Yet, reviewing hundreds of thousands of SLOCs (across different languages) and also checking legal compliance requires significant skills, time and effort. As an individual, you cannot justify reviewing the entire dependency tree across all your projects. Thankfully you can rely on the packages reviewed and built internally by your colleagues - or use a Linux distribution that does thorough vetting.
I think there are supply chain attack vectors in those resources
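To make the triage in the comment above concrete, here is an added example (not code from the comment or from any project): it computes a project's transitive dependency closure and sorts each package into "vetted by the distribution", "reviewed internally", or "unvetted, needs your own review". The dependency graph, the distro package index, and the set of internally reviewed packages are all constructed for illustration and do not describe real packages.

```python
"""Triage a dependency tree by who has already vetted each package.

Added example, not from the original comment. Every input below is
constructed: the dependency graph, the distro index and the list of
internally reviewed packages are illustrative, not real package data.
"""
from collections import deque

# Constructed transitive dependency graph: name -> direct dependencies.
DEPS = {
    "webapp": ["flask", "requests", "leftpad-ng"],
    "flask": ["werkzeug", "jinja2", "click"],
    "requests": ["urllib3", "certifi", "idna"],
    "jinja2": ["markupsafe"],
    "leftpad-ng": ["tinyutil"],
    "werkzeug": [], "click": [], "urllib3": [], "certifi": [],
    "idna": [], "markupsafe": [], "tinyutil": [],
}

# Constructed distro index: upstream name -> distro package shipping it.
DISTRO_INDEX = {
    "flask": "python3-flask", "werkzeug": "python3-werkzeug",
    "jinja2": "python3-jinja2", "click": "python3-click",
    "markupsafe": "python3-markupsafe", "requests": "python3-requests",
    "urllib3": "python3-urllib3", "certifi": "python3-certifi",
    "idna": "python3-idna",
}

# Constructed: packages colleagues have already reviewed and build in-house.
INTERNAL_REVIEWED = {"leftpad-ng"}


def transitive_deps(root, deps=DEPS):
    """Breadth-first closure of root's dependencies (root itself excluded)."""
    seen = set()
    queue = deque(deps.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(deps.get(pkg, []))
    return seen


def triage(root, deps=DEPS, distro_index=DISTRO_INDEX,
           internal=INTERNAL_REVIEWED):
    """Classify each transitive dependency by who has vetted it.

    Returns a dict with three keys:
      "distro":   {upstream name: distro package} for packages the distro ships
      "internal": packages reviewed by colleagues
      "unvetted": packages nobody has reviewed yet, i.e. your own backlog
    """
    result = {"distro": {}, "internal": set(), "unvetted": set()}
    for pkg in sorted(transitive_deps(root, deps)):
        if pkg in distro_index:
            result["distro"][pkg] = distro_index[pkg]
        elif pkg in internal:
            result["internal"].add(pkg)
        else:
            result["unvetted"].add(pkg)
    return result


def review_backlog(root):
    """The packages you would actually have to read yourself."""
    return sorted(triage(root)["unvetted"])


if __name__ == "__main__":
    r = triage("webapp")
    print(f"webapp pulls in {len(transitive_deps('webapp'))} packages")
    print(f"  shipped by the distro : {len(r['distro'])}")
    print(f"  reviewed internally   : {sorted(r['internal'])}")
    print(f"  still unvetted        : {sorted(r['unvetted'])}")
```

In the constructed graph, eleven transitive dependencies shrink to a single package (`tinyutil`) that needs a first-hand review. A real check should also compare the pinned version with the one the distribution actually ships (for example via `apt-cache policy` on Debian-based systems): a package that exists in the distro but at a different version is not covered by the distro's vetting of that version.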