a concern i have is that it's only a matter of time before a similar attack is done to electron based apps (which also have packages installed using npm). probably worse because it's installed in your computer and can potentially get any information especially given admin privileges.

▲

hedora 2 hours ago | parent [-]

I'd really like to know how signal deals with this. It's supposedly super secure + stuff, but it's built on top of this ecosystem.

	▲	venturecruelty 39 minutes ago \| parent [-]
		They probably don't willy-nilly install every new patch that comes down the pike?