Comment by arianvanp
19 hours ago
The problem is nobody checks.
All the axios releases had attestations except for the compromised one. npm installed it anyway.
19 hours ago
Yes, that's why I aim to make the checks transparent to the user. You only need to provide the download URL for the authentication to take place. I really need to record a small demo of it.