rs186 3 days ago
Sure, it should never happen in a CI environment. But I bet that every second, someone in the world is running "npm install" to bring in a new dependency to a new/existing project, and the impact of a malicious release can be broad very quickly. Vibe coding is not going to slow this down.
naugtur 3 days ago
Vibe coding brings up the need for even more granular isolation. I'm on it ;) LavaMoat Webpack Plugin will soon have the ability to treat parts of your app the same as it currently treats packages - with isolation and policy limiting what they can do.