Hacker News new | ask | show | jobs
by akuchling 165 days ago
Stray thought: adding a library the PR submitter controls would be a good starting point for an XZ/SSH-style supply chain attack: badger & threaten the maintainers to add the dependency, and then sneak something into a future library update.
1 comments
falloutx 165 days ago
This seems like a huge red flag, there is no need to add any more dependencies to an already fully featured repo
link