The risk with relying on notifications is that it's retroactive and you are already exposed. Instead of attempting to stop threats before they enter your supply chain.
The idea is that the safety delay would protect your organization from automatically (and in many cases unintentionally) updating to a new compromised dependency version, where you are unaware of a problem. In the case…
Hey HN, In light of this week’s discussion on the corrupted NPM packages colors/fakers ( https://news.ycombinator.com/item?id=29863672 ) the article describes one of our security features that enforces a delay before…
The risk with relying on notifications is that it's retroactive and you are already exposed. Instead of attempting to stop threats before they enter your supply chain.
The idea is that the safety delay would protect your organization from automatically (and in many cases unintentionally) updating to a new compromised dependency version, where you are unaware of a problem. In the case…
Hey HN, In light of this week’s discussion on the corrupted NPM packages colors/fakers ( https://news.ycombinator.com/item?id=29863672 ) the article describes one of our security features that enforces a delay before…