by smithza
126 days ago
Key word: "encourages". When someone uses `npm install/add/whatever-verb`, does it default to only using trusted publishing sources? And the dependency graph? Either 100% enforcement or it won't stick, and these attack vulnerabilities are still there.