by codebje
494 days ago
This is something that weighs on my mind a lot. Industry norm is to use 3rd party dependencies, and it's impractical to carefully vet direct dependencies let alone transitive dependencies. The article spits out a big list of reasons to worry about this, but in the end, the possible solutions aren't all that great. I have no answers: just questions that haunt me, from time to time.