Cooldown sounds like a good idea ONLY IF these so-called security companies can catch these malicious dependencies during the cooldown period. Are they doing this bit, or do individual researchers find malware and these companies make headlines?
Does it matter? The individual researchers could look at brand-new published packages just the same.
It seems less likely that they'll find it before you're bitten by it if you intentionally race against them by choosing newest all the time, yea?