by jdxcode
21 days ago
1. The supply chain attacks I've seen are naive. They just leverage postinstall hooks. Malicious code also needs to be executed, not simply installed, so it's a lot less likely that an exploit would happen compared to postinstall, since it can't just be buried in a transitive.

2. aube does the same. This is an extra level of protection if you've already whitelisted a package.