| ▲ | mschuster91 3 hours ago | |
> or only allowing widely used, well-maintained Javascript libraries. That isn't a guarantee either, just last month someone compromised the Axios library. | ||
| ▲ | skydhash an hour ago | parent [-] | |
They stole the axios's npm keys and they uploaded malicious artifacts. They did not takeover the axios's repo. The issue is with packaging and distribution, not with code. | ||