by tanepiper 270 days ago
No, it doesn't solve it - but it might minimise the blast radius - there are so many unmaintained libraries of code that indeed one compromised minor patch on any dependency can become a risk.

That's sort of the thing - all of these measures are just patches on the fundamental problem that npm has just become too unsafe