by mattstir
34 days ago
> Presumably npm exempts security updates from its minimum release age

Why would it? Then an attacker would just push compromised code as a "security update". Since the majority of these npm attacks are account-based, the attacker can do everything the actual owner could.