Y
Hacker News
new
|
ask
|
show
|
jobs
by
arianvanp
63 days ago
The problem is nobody checks.
All the axios releases had attestations except for the compromised one. npm installed it anyway.
1 comments
raphinou
63 days ago
Yes, that's why I aim to make the checks transparant to the user. You only need to provide the download url for the authentication to take place. I really need to record a small demo of it.
link