by skybrian 95 days ago
Installing npm modules seems similar as far as the risks go? The assumption is that you have a semi-trusted source of good libraries that's at least somewhat resistant to supply-chain attacks. A similar thing could in theory be done for well-known skills, but it requires a community norm of not releasing crap.

So it seems like the question is how do you build something worthy of people's trust?

1 comments

It's exactly like npm packages. But it seems every time there's a new technology, we abandon the security practices that we had before...