Yeah, but if that app was built using a malicious dependency that only relied on the same permissions the app already uses, you’d just click “Yes” and move on and be pwned.
Oh, I don't npm.
If I can't yum (et al.) install it, I absolutely review the past major point releases for an hour and do my research on the library.