by dirkc
141 days ago
Installing any 3rd party dev dependency without sandboxing should terrify you. These supply chain attacks are not hypothetical. Trusting other devs to not write malicious code has led to a surprisingly small number of incidents so far, but I don't think this will extrapolate into the future. With more lines of code being auto-written without deliberate intent or review from an accountable author, things can only get worse!