Hacker News
arianvanp 33 days ago | on: Open source security at Astral
The problem is nobody checks.
All the axios releases had attestations except for the compromised one. npm installed it anyway.
raphinou 33 days ago
Yes, that's why I aim to make the checks transparent to the user. You only need to provide the download URL for the authentication to take place. I really need to record a small demo of it.
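The gap described in this thread, shown as an added example that is not part of either comment and is not npm's or any project's own code: a check that flags a release lacking provenance when an earlier release of the same package had it. The packument below is constructed for a hypothetical package `example-pkg`, and the function names are assumptions; `dist.attestations` is the field the npm registry sets on versions published with provenance.

```javascript
// Constructed registry metadata (packument excerpt) for a hypothetical package.
const SLSA = { provenance: { predicateType: "https://slsa.dev/provenance/v1" } };
const packument = {
  name: "example-pkg",
  time: {
    "0.9.0": "2024-11-01T00:00:00.000Z",
    "1.0.0": "2025-01-10T00:00:00.000Z",
    "1.0.1": "2025-02-11T00:00:00.000Z",
    "1.0.2": "2025-03-12T00:00:00.000Z",
    "1.0.3": "2025-04-13T00:00:00.000Z",
  },
  versions: {
    "0.9.0": { dist: {} },                    // published before provenance was adopted
    "1.0.0": { dist: { attestations: SLSA } },
    "1.0.1": { dist: { attestations: SLSA } },
    "1.0.2": { dist: {} },                    // attestation missing: the case to catch
    "1.0.3": { dist: { attestations: SLSA } },
  },
};

// True when the version's metadata advertises a provenance attestation.
function hasProvenance(meta) {
  const att = meta && meta.dist && meta.dist.attestations;
  return Boolean(att && att.provenance && att.provenance.predicateType);
}

// Versions without provenance that were published after an attested version.
function findProvenanceDowngrades(doc) {
  const ordered = Object.keys(doc.versions)
    .filter((v) => doc.time && doc.time[v])
    .sort((a, b) => Date.parse(doc.time[a]) - Date.parse(doc.time[b]));
  const downgrades = [];
  let lastAttested = null;
  for (const v of ordered) {
    if (hasProvenance(doc.versions[v])) lastAttested = v;
    else if (lastAttested !== null) downgrades.push({ version: v, lastAttested });
  }
  return downgrades;
}

// Install gate: refuse a version flagged as a provenance downgrade.
function checkInstall(doc, version) {
  if (!doc.versions[version]) return { allow: false, reason: "unknown version" };
  const hit = findProvenanceDowngrades(doc).find((d) => d.version === version);
  return hit
    ? { allow: false, reason: `no provenance, but ${hit.lastAttested} had it` }
    : { allow: true, reason: "ok" };
}
```

This checks only that an attestation is advertised, not that it is valid; `npm audit signatures` performs the cryptographic verification for installed packages.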