by torstenvl
75 days ago
I was being sarcastic. Although hot linking is not particularly common, it's common enough; and unpinned dependencies are just as much if not more of a supply chain attack risk. I'd bet something like 70+% of all JS apps are inadequately protected against the risk of a malicious actor gaining access to a dependency's repo. Pearl-clutching over this while ignoring the lessons of `left-pad` and `colors` is biased motivated reasoning at best.