5 points | by sbulaev 11 hours ago
2 comments
Okay, so what's the obvious solution to all this supply chain poisoning?
Pin deps. Integrity hashing. Wait to update to latest. Mirror through a proxy. Adhere to code scanner guidelines (--ignore-scripts).
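An added example, not part of the thread: a Node.js check of a `package.json` / `package-lock.json` pair for several of the mitigations listed in the reply above (exact pins, integrity hashes, resolution through a mirror, and packages that ship install scripts). It assumes an npm project, which the `--ignore-scripts` flag suggests; the package names, mirror URL and tarball bytes are constructed for illustration.

```javascript
// Added example: audit a constructed package.json / package-lock.json pair.
const { createHash, timingSafeEqual } = require('node:crypto');

const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/; // exact version: no ^, ~, * or ranges

// Verify tarball bytes against a single-hash lockfile "integrity" value ("<alg>-<base64>").
function verifyIntegrity(tarball, sri) {
  const dash = sri.indexOf('-');
  const alg = sri.slice(0, dash);
  if (!['sha256', 'sha384', 'sha512'].includes(alg)) return false; // reject sha1/md5
  const want = Buffer.from(sri.slice(dash + 1), 'base64');
  const got = createHash(alg).update(tarball).digest();
  return want.length === got.length && timingSafeEqual(want, got);
}

// Return one finding per violated mitigation.
function auditLock(pkg, lock, mirror) {
  const findings = [];
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const [name, spec] of Object.entries(deps)) {
    if (!EXACT.test(spec)) findings.push(`unpinned: ${name}@${spec}`);
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    if (!entry.integrity) findings.push(`no-integrity: ${path}`);
    if (!String(entry.resolved || '').startsWith(mirror)) findings.push(`off-mirror: ${path}`);
    if (entry.hasInstallScript) findings.push(`install-script: ${path}`);
  }
  return findings;
}

// Constructed sample data (hypothetical package names and mirror URL).
const MIRROR = 'https://npm-mirror.example.internal/';
const tarball = Buffer.from('constructed tarball bytes');
const goodSri = 'sha512-' + createHash('sha512').update(tarball).digest('base64');
const pkg = { dependencies: { 'left-lib': '1.4.2', 'right-lib': '^2.0.0' } };
const lock = { packages: {
  '': { name: 'demo' },
  'node_modules/left-lib': { version: '1.4.2', integrity: goodSri,
    resolved: MIRROR + 'left-lib/-/left-lib-1.4.2.tgz' },
  'node_modules/right-lib': { version: '2.0.3', hasInstallScript: true,
    resolved: 'https://registry.npmjs.org/right-lib/-/right-lib-2.0.3.tgz' },
} };

console.log(auditLock(pkg, lock, MIRROR));
console.log(verifyIntegrity(tarball, goodSri));
```

The "wait to update to latest" item is not covered, because a lockfile carries no publish dates; that check needs registry metadata.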