codeinabox@programming.dev to Programming@programming.devEnglish · 3 months agoEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comexternal-linkmessage-square29linkfedilinkarrow-up11
arrow-up11external-linkEvery dependency you add is a supply chain attack waiting to happenbenhoyt.comcodeinabox@programming.dev to Programming@programming.devEnglish · 3 months agomessage-square29linkfedilink
minus-squareEager Eagle@lemmy.worldlinkfedilinkEnglisharrow-up0·3 months ago You should probably turn off Dependabot Nonsense, most of these supply chain attacks are detected and have their problematic versions pulled within a few hours. Just set a cooldown period for dependabot.
Nonsense, most of these supply chain attacks are detected and have their problematic versions pulled within a few hours. Just set a cooldown period for dependabot.
The discovered ones anyway.