2 comments

[ 1.2 ms ] story [ 27.2 ms ] thread
More terrifying supply chain attacks against developers
> To every automated security system, these packages show "0 Dependencies."

With all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?