| ▲ | arianvanp 2 hours ago | |
The problem is nobody checks. All the axios releases had attestations except for the compromised one. npm installed it anyway. | ||
| ▲ | raphinou 2 hours ago | parent [-] | |
Yes, that's why I aim to make the checks transparant to the user. You only need to provide the download url for the authentication to take place. I really need to record a small demo of it. | ||