Comment by christophilus
2 days ago
Yeah, but if that app was built using a malicious dependency that only relied on the same permissions the app already uses, you’d just click “Yes” and move on and be pwned.
Oh, I don't npm.
If I can't yum (et al.) install it, I absolutely review the past major point releases for an hour and do my research on the library.
Is there any guarantee that yum (et. al.) packages are audited?
What would qualify as a "guarantee" for you?