alt Hacker Newskey word "encourages"
when someone uses `npm install/add/whatever-verb` does it default to only using trusted publishing sources? and the dependency graph?
either 100% enforcement or it won't stick and these attack vulnerabilities are still there.
key word "encourages"
when someone uses `npm install/add/whatever-verb` does it default to only using trusted publishing sources? and the dependency graph?
either 100% enforcement or it won't stick and these attack vulnerabilities are still there.