

2 · 3 days ago
Genuine question. How is NPM more vulnerable than other repos? Haven’t similar supply chain attacks succeeded at least as well as this one through GitHub itself and even Linux package repos?


First time contemplating reality?
That sounds more like bad practices from the community. It definitely has ways to use exact versions, not the least of which is the lock file. Or the shrinkwrap file, which public packages should be using.