Remix.run Logo
tabwidth an hour ago

Most of the malicious ones just curl something in a postinstall script, scanners already catch that. The sneaky ones don't look malicious until they run, and three days may not help.

MeetingsBrowser an hour ago | parent | next [-]

There are plenty of ways to notice a malicious release without observing it running.

Build provenance, maintainer alerts on new releases, tying releases to specific git tags, etc all help.

drdexebtjl an hour ago | parent | prev [-]

Every single one now will be more sneaky, and we’ll be operating on a 3-day cooldown for no reason.

brookst 38 minutes ago | parent [-]

You really think it has zero benefit whatsoever? Nothing malicious will be caught?