codeinabox@programming.dev to Programming@programming.devEnglish · 3 months agoEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comexternal-linkmessage-square29linkfedilinkarrow-up11arrow-down10cross-posted to: technology@lemmy.world
arrow-up11arrow-down1external-linkEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comcodeinabox@programming.dev to Programming@programming.devEnglish · 3 months agomessage-square29linkfedilinkcross-posted to: technology@lemmy.world
minus-squareEager Eagle@lemmy.worldlinkfedilinkEnglisharrow-up0·3 months ago You should probably turn off Dependabot Nonsense, most of these supply chain attacks are detected and have their problematic versions pulled within a few hours. Just set a cooldown period for dependabot.
Nonsense, most of these supply chain attacks are detected and have their problematic versions pulled within a few hours. Just set a cooldown period for dependabot.
The discovered ones anyway.