by gizzlon
31 days ago
Interesting, this went Tanstack -> Nx Console -> GitHub

I wonder how many other secrets and tokens have been stolen, just waiting to be abused to publish a malicious version of.. something.

IMO, the problem is [1] that actually rotating all secrets just because you might have installed a compromised package is a huuge PITA. So it's tempting to take it lightly and hope for the best. And even if you really try, it's easy to miss one.

1: in addition to "running code from wherever" with little sandboxing