datsci_est_2015 6 hours ago
Leaves you open to vulnerabilities in overnight builds of NPM packages that increasingly happen due to LLM slop?
__float 5 hours ago
You can set a minimum age for packages (https://docs.github.com/en/code-security/reference/supply-ch...), though that's not perfect (and becomes less effective if everyone uses it).
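
A sketch of what a minimum-age rule does at resolution time, as an added example that is not part of the thread. It assumes npm-style registry metadata with a `time` map from version to publish timestamp; the package name, versions, dates and function names are constructed for illustration.

```javascript
// Constructed sample metadata in the shape of an npm registry document.
const samplePackument = {
  name: "example-pkg", // hypothetical package name
  time: {
    created: "2024-01-01T00:00:00.000Z",
    modified: "2025-03-10T02:00:00.000Z",
    "1.0.0": "2024-01-01T00:00:00.000Z",
    "1.1.0": "2025-02-20T12:00:00.000Z",
    "1.2.0": "2025-03-08T09:30:00.000Z",
    "1.2.1": "2025-03-10T02:00:00.000Z", // the "overnight build"
  },
};

const DAY_MS = 24 * 60 * 60 * 1000;

// Split versions into those old enough to install and those still held back.
function partitionByAge(packument, minAgeDays, now) {
  const eligible = [];
  const held = [];
  for (const [version, published] of Object.entries(packument.time)) {
    if (version === "created" || version === "modified") continue; // not versions
    const ts = Date.parse(published);
    if (Number.isNaN(ts)) { held.push(version); continue; } // fail closed on bad dates
    const ageDays = (now.getTime() - ts) / DAY_MS;
    (ageDays >= minAgeDays ? eligible : held).push(version);
  }
  return { eligible, held };
}

// Compare plain x.y.z versions numerically (pre-release tags are out of scope).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Newest version that has been public for at least minAgeDays, or null if none.
function newestEligible(packument, minAgeDays, now) {
  const { eligible } = partitionByAge(packument, minAgeDays, now);
  return eligible.sort(compareVersions).at(-1) ?? null;
}

const fixedNow = new Date("2025-03-10T12:00:00.000Z"); // fixed clock, repeatable run
console.log("install:", newestEligible(samplePackument, 7, fixedNow));
console.log("held back:", partitionByAge(samplePackument, 7, fixedNow).held);
```

The rule only delays adoption: a release that nobody flags within the window passes the age check unchanged.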