Hacker News
by ric2b, 40 days ago
That usually ends up as proxies to the upstream repos, because the people managing the company repos don't have time to review every new version of a package.
At that point you're just as vulnerable to a supply chain attack.