|
|
|
|
|
|
by bigiain
1680 days ago
|
|
|
That one, combined with the other “ability to read names of private packages, makes for the possibility of a really really sneaky attack. I wonder how many orgs treat their private npm packages with significantly less scrutiny than the public ones they rely on? |
|
|