Hacker News
by eviks 225 days ago
Strange they haven't identified negative security implications: if the owner notices the hack, he can delete the malicious release before the central authority, so this would limit the blast radius (think there was a recent such issue with npm where there was a delay between discovery (by the author) and removal).

Otherwise yes, leftpad/coverup risk is a thing.