Be responsible, don't trust package managers. All it takes is for one single maintainer to wait until the reach is wide enough, then release a patch with a malicious payload and it spreads like wildfire because no one actually looks at and locks down a dependency like is-string to a patch version.
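The practical counterpart to the point above, locking each dependency to an exact patch version, is something a manifest audit can check mechanically. The following is an added example, not code from the post's author: it parses a `package.json` (a constructed sample is embedded) and reports every dependency whose version spec is a range, wildcard, tag or URL rather than an exact `x.y.z`. The function names `classifySpec` and `findUnpinned` are this example's own.

```javascript
// Added example: flag dependencies in a package.json that are not pinned
// to an exact version. Not the poster's code; names below are assumptions.

// Exact semver: 1.2.3, optionally with prerelease/build metadata.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Returns null for an exact pin, otherwise a short reason why the spec can float.
function classifySpec(spec) {
  if (EXACT_VERSION.test(spec)) return null;
  if (/^[\^~]/.test(spec)) return 'range operator';          // ^1.0.7, ~4.17.21
  if (/^\d+\.\d+\.\d+\s*-\s*\d+/.test(spec)) return 'hyphen range'; // 1.0.0 - 2.0.0
  if (/^(\*|latest|x|)$/i.test(spec)) return 'any version';   // *, latest, empty
  if (/^\d+(\.\d+)?(\.[xX*])?$/.test(spec)) return 'wildcard'; // 1, 1.2, 1.2.x
  if (/^[<>=]/.test(spec)) return 'comparator';               // >=1.0.0 <2.0.0
  if (/^(git\+|https?:|github:|file:|npm:|workspace:)/.test(spec) || /\//.test(spec)) {
    return 'url/alias';                                       // resolved outside the registry
  }
  return 'tag or other';                                      // dist-tags such as "next"
}

// Walk the dependency sections of a package.json text and collect unpinned specs.
function findUnpinned(
  packageJsonText,
  sections = ['dependencies', 'devDependencies', 'optionalDependencies']
) {
  const pkg = JSON.parse(packageJsonText);
  const findings = [];
  for (const section of sections) {
    const deps = pkg[section] || {};
    for (const [name, spec] of Object.entries(deps)) {
      const reason = classifySpec(String(spec).trim());
      if (reason) findings.push({ section, name, spec, reason });
    }
  }
  return findings;
}

// Constructed sample manifest (not a real project's file).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'sample-app',
  dependencies: {
    'is-string': '^1.0.7',   // caret: any 1.x.y >= 1.0.7 can be installed
    'left-pad': '1.3.0',     // exact pin
    'lodash': '~4.17.21',    // tilde: any 4.17.y >= 4.17.21
    'express': '*'           // anything at all
  },
  devDependencies: {
    'eslint': 'latest',      // dist-tag, moves with every release
    'prettier': '2.8.8'      // exact pin
  }
});

// Stand-alone run: print one line per floating dependency.
for (const f of findUnpinned(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.section}/${f.name}: "${f.spec}" (${f.reason})`);
}
```

Run against the sample it reports `is-string`, `lodash`, `express` and `eslint`; `left-pad` and `prettier` pass. Exact specs in the manifest do not by themselves stop transitive dependencies from floating, so in practice this check sits alongside a committed lockfile installed with `npm ci`, which refuses to proceed when the lockfile and manifest disagree.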
