|
|
|
|
|
|
by dns_snek
72 days ago
|
|
|
I agree, I just think it's pointless to discuss Axios' commit-signing practices or lack thereof when NPM doesn't support any of it. It seems like axios was already using Trusted Publishing [1] and it still didn't get caught. You said that you "also" blame NPM, but they're the only party who should get any blame until they get their shit together. [1] https://github.com/axios/axios/issues/10636#issuecomment-418... |
|
|