2 points | by shehackspurple a day ago ago
2 comments
> To every automated security system, these packages show "0 Dependencies."
With all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?
More terrifying supply chain attacks against developers
> To every automated security system, these packages show "0 Dependencies."
With all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?
More terrifying supply chain attacks against developers