Y
Hacker News
new
|
ask
|
show
|
jobs
by
drdaeman
27 days ago
Even without post-install script, a malicious payload could be hiding in some function and just wait until the developer invokes `cargo run`. Not that many people audit the crates they pull into their projects.