Y
Hacker News
new
|
ask
|
show
|
jobs
by
Tipewryter
1807 days ago
That is a very broad question. Can you mention a specific attack vector? Then I might be able to explain how I do or do not avoid it.
1 comments
ed_balls
1806 days ago
The link describes the attack vector. pipenv locks the dependencies using hash. if you company has my-company-py-lib then pip could install public library that pretends to be internal.
link