by captn3m0 5 hours ago
Package-level hooks are everywhere: https://github.com/ecosyste-ms/package-manager-hooks

I wrote this in response to the recent AUR attacks. The problem isn’t really too many dependencies; it is that most users cannot audit everything they install, and we need mechanisms that help users where they are.

I audit my AUR pkg builds, and I would have likely caught any malware. But so would a dependency cooldown or a third-party threat feed. Package managers should make it easy to build this tooling via hooks.
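To make the two mechanisms named above concrete, here is an added example (not code from the comment, from the linked ecosyste-ms repository, or from any real package manager) of a hypothetical pre-install hook that applies a dependency cooldown and a threat-feed deny list to a set of releases. The hook interface (`pre_install_hook` returning an exit code), the `Release` record, the sample releases and the feed entry are all constructed for the illustration.

```python
"""Dependency-cooldown and threat-feed checks written as a hypothetical
package-manager pre-install hook.  Added illustration; not code from the
linked ecosyste-ms repository, the AUR, or any real package manager."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Release:
    name: str
    version: str
    published_at: datetime  # timezone-aware upload time from the registry


@dataclass(frozen=True)
class Finding:
    name: str
    version: str
    reason: str  # "ok", "cooldown", or "threat-feed"


def check_release(rel: Release, now: datetime, min_age: timedelta,
                  blocked: frozenset) -> Finding:
    """Evaluate one release.

    A release is rejected if it appears in the threat feed (a set of
    (name, version) pairs) or if it was published less than `min_age`
    before `now`.  The cooldown buys time for the wider ecosystem to notice
    a malicious upload before it reaches this machine; the feed covers
    releases that are old enough to pass the cooldown but already known bad.
    """
    if (rel.name, rel.version) in blocked:
        return Finding(rel.name, rel.version, "threat-feed")
    if now - rel.published_at < min_age:
        return Finding(rel.name, rel.version, "cooldown")
    return Finding(rel.name, rel.version, "ok")


def pre_install_hook(releases, now: datetime, min_age_days: int = 7,
                     blocked: frozenset = frozenset()):
    """Evaluate every release in a transaction.

    Returns (exit_code, findings).  Exit code 0 means the transaction may
    proceed; 1 means at least one release failed a check.  This mirrors how
    a package manager could consult a hook before committing an install.
    """
    min_age = timedelta(days=min_age_days)
    findings = [check_release(r, now, min_age, blocked) for r in releases]
    exit_code = 0 if all(f.reason == "ok" for f in findings) else 1
    return exit_code, findings


# Constructed sample transaction: three releases relative to a fixed "now".
NOW = datetime(2025, 7, 20, 12, 0, tzinfo=timezone.utc)
SAMPLE_RELEASES = [
    Release("libfoo", "1.4.2", NOW - timedelta(days=30)),     # old enough
    Release("bar-tools", "2.0.1", NOW - timedelta(hours=6)),  # uploaded today
    Release("baz", "0.9.0", NOW - timedelta(days=90)),        # old, but flagged
]
# Constructed threat-feed entry (placeholder, not a real indicator).
SAMPLE_FEED = frozenset({("baz", "0.9.0")})


def run_sample():
    """Run the hook over the constructed transaction."""
    return pre_install_hook(SAMPLE_RELEASES, NOW, min_age_days=7,
                            blocked=SAMPLE_FEED)


if __name__ == "__main__":
    code, findings = run_sample()
    for f in findings:
        print(f"{f.name} {f.version}: {f.reason}")
    print("exit code", code)
```

Running the sample blocks `bar-tools` (six hours old, inside the seven-day window) and `baz` (listed in the feed) while letting `libfoo` through. The two checks are deliberately independent: a cooldown alone does nothing against a malicious release that has already aged past the window, and a feed alone does nothing until someone has reported the release, which is why the comment treats them as complementary hooks rather than alternatives.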