Hacker News

password4321, today at 2:57 PM (1 reply)

The point is to allow the automated scanners a chance to run.

Every security company and their cousin wants to be the one to find the next big dependency malware.


Replies

x0x0, today at 6:07 PM

The idea that a package can be updated and, with a deploy at the right time, could be live on your servers in prod 10 minutes later has always been crazy, and the last years have just reinforced that.

People are encouraged by package managers to treat any bit of code someone tosses onto a package manager as equivalent in reliability to the core language and SDK.
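One concrete way to build in the delay password4321 is describing, and to close the "live in prod 10 minutes later" window x0x0 objects to, is to refuse to ship any locked dependency version that has not been public for long enough for scanners to look at it. The script below is an added example, not code from either commenter. The lockfile and the registry metadata are constructed inline: the `time` field follows the shape of the npm registry's packument document (a map from version to publish timestamp), but the package names, versions and dates are made up, and the seven-day threshold is an assumed policy value.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed policy: a published version must be at least this old before we accept it.
MIN_AGE = timedelta(days=7)

# Constructed lockfile in npm's lockfileVersion 3 shape (not a real project).
LOCKFILE = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/left-util": {"version": "2.4.1"},
    "node_modules/left-util/node_modules/tiny-dep": {"version": "0.9.0"},
    "node_modules/fresh-lib": {"version": "3.0.0"}
  }
}
""")

# Constructed registry metadata, trimmed to the "time" field of an npm packument
# (the document served at https://registry.npmjs.org/<name>). Names and dates are invented.
REGISTRY = {
    "left-util": {"time": {"2.4.0": "2024-01-02T00:00:00.000Z",
                           "2.4.1": "2024-03-01T12:00:00.000Z"}},
    "tiny-dep": {"time": {"0.9.0": "2023-11-20T09:30:00.000Z"}},
    "fresh-lib": {"time": {"3.0.0": "2024-03-31T18:00:00.000Z"}},
}

# Fixed "current time" so the example is deterministic; a real check would use datetime.now(timezone.utc).
NOW = datetime(2024, 4, 2, tzinfo=timezone.utc)


def lock_entries(lockfile):
    """Yield (name, version) for every installed package in a lockfileVersion 3 file."""
    for path, meta in lockfile["packages"].items():
        if path == "":
            continue  # the root project itself
        # For nested installs the package name is whatever follows the last
        # "node_modules/" segment; scoped names keep their "@scope/" prefix.
        name = path.rsplit("node_modules/", 1)[1]
        yield name, meta["version"]


def parse_ts(s):
    """Parse the registry's ISO-8601 timestamps, which use a trailing 'Z' for UTC."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def find_too_new(lockfile, registry, now, min_age):
    """Return [(name, version, age)] for every locked version younger than min_age.

    A version the registry has no publish time for is reported with age None:
    an unknown version fails the check rather than silently passing it.
    """
    violations = []
    for name, version in lock_entries(lockfile):
        times = registry.get(name, {}).get("time", {})
        published = times.get(version)
        if published is None:
            violations.append((name, version, None))
            continue
        age = now - parse_ts(published)
        if age < min_age:
            violations.append((name, version, age))
    return violations


if __name__ == "__main__":
    for name, version, age in find_too_new(LOCKFILE, REGISTRY, NOW, MIN_AGE):
        shown = "unknown publish time" if age is None else f"published {age} ago"
        print(f"REJECT {name}@{version}: {shown} (minimum age {MIN_AGE})")
```

Run against the constructed data this rejects only `fresh-lib@3.0.0`, which was published 30 hours before `NOW`. The check is deliberately fail-closed: a version the registry document does not list is treated as a rejection, because that is exactly the case (a version that appeared or vanished between lockfile generation and deploy) where you want a human to look.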