Package manager maintainer struggles with supply chain security
hackernews·1mo·alligatorplum
A solo package maintainer reflects on the recurring problem of malicious dependencies slipping through—and the near-impossible burden of vetting thousands of packages alone. It's a sobering look at the infrastructure costs that fall on individual makers.
Original story
Read the original on hackernewsRelated stories

Devtools
Erin Brockovich's data center map tracks infrastructure impact across USHacker News·1mo·cratermoon