by maxloh
235 days ago
I come from a JavaScript background, and I've got to admit that the ecosystem is designed in a way that is really prone to attack. It is like the xz incident, except that each dependency you pull is maintained by a random guy on the internet. You have to trust every one of them to be genuine and that they won't fall for any social engineering attacks.