Y
Hacker News
new
|
ask
|
show
|
jobs
by
maccard
231 days ago
If that’s your concern you should be auditing the script and the dependencies anyway, whether they’re in a lock file or in the script. It’s just as easy to put malicious stuff in a requirements.txt