| ▲ | hunter2_ 4 days ago | |
I thought getting code into brew is blocked by some vetting (potentially insufficient, which could be argued for all supply chains), whereas getting code into npm involves no vetting whatsoever. | ||
| ▲ | n8m8 3 days ago | parent [-] | |
Went and found the link: https://docs.brew.sh/Acceptable-Casks#apps-that-bundle-malwa... > Unfortunately, in the world of software there are bad actors that bundle malware with their apps. Even so, Homebrew Cask has long decided it will not be an active gatekeeper (macOS already has one) and users are expected to know about the software they are installing. This means we will not always remove casks that link to these apps, in part because there is no clear line between useful app, potentially unwanted program, and the different shades of malware—what is useful to one user may be seen as malicious by another. | ||