What a state of things where we have to fear installing software, and rely on vendors to scan things ahead of time, because our supply chain is such a mess and our tooling is so incapable of (and uninterested in) protecting us.
sunaookami•16m ago
No way to prevent this says only package manager where this regularly happens.
Insimwytim•13m ago
You cannot call it a supply chain, if you have zero contractual relationships with the authors of the solutions you are using.
insanitybit•23m ago
sunaookami•16m ago
Insimwytim•13m ago
[1] https://news.ycombinator.com/item?id=44434355
cryo32•11m ago