Companies such as socket and safedep will still scan new packages and alert on malware (if they are able to detect it), so the packages are taken down before they pass your cooldown.
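As an added illustration of the cooldown idea in this comment (example code written for this page, not the commenter's or any vendor's tooling): a resolver that, given a package's publish timestamps, only accepts a version once it has been public for a minimum number of days, and additionally skips versions that have since been removed. The data is modelled on the npm registry's `time` map (version to publish timestamp), but the package, versions and dates are constructed; the `removed` set standing in for a registry takedown is an assumption of the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample modelled on the npm registry's "time" map.
# Hypothetical package and dates; not real registry data.
SAMPLE_TIME_MAP = {
    "created": "2024-01-01T00:00:00.000Z",
    "modified": "2024-06-10T12:00:00.000Z",
    "1.0.0": "2024-01-01T00:00:00.000Z",
    "1.1.0": "2024-03-15T09:30:00.000Z",
    "1.2.0": "2024-06-08T18:00:00.000Z",
    "1.2.1": "2024-06-10T12:00:00.000Z",
}

# Fixed "current time" so the example is reproducible offline.
SAMPLE_NOW = datetime(2024, 6, 12, tzinfo=timezone.utc)

_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def _parse_ts(ts):
    # Registry timestamps end in "Z"; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _semver_key(version):
    # Returns a sortable (major, minor, patch) tuple, or None for non-release keys.
    m = _SEMVER.match(version)
    return tuple(int(x) for x in m.groups()) if m else None


def eligible_versions(time_map, now, cooldown_days):
    """Versions whose publish time is at least `cooldown_days` before `now`."""
    cutoff = now - timedelta(days=cooldown_days)
    out = {}
    for key, ts in time_map.items():
        sv = _semver_key(key)
        if sv is None:
            continue  # skips "created"/"modified" and pre-release tags
        if _parse_ts(ts) <= cutoff:
            out[key] = sv
    return out


def pick_version(time_map, now, cooldown_days=7, removed=frozenset()):
    """Newest version that has aged past the cooldown and has not been removed.

    `removed` models versions a registry pulled after a scanner flagged them
    (assumed for this example); a version pulled during the cooldown window
    never becomes installable, which is the point of waiting.
    """
    candidates = {
        v: k
        for v, k in eligible_versions(time_map, now, cooldown_days).items()
        if v not in removed
    }
    if not candidates:
        return None
    return max(candidates, key=candidates.get)


if __name__ == "__main__":
    # 7-day cooldown: 1.2.x is too fresh, so the resolver stays on 1.1.0.
    print(pick_version(SAMPLE_TIME_MAP, SAMPLE_NOW, 7))
    # 1-day cooldown with 1.2.1 taken down in the meantime: falls back to 1.2.0.
    print(pick_version(SAMPLE_TIME_MAP, SAMPLE_NOW, 1, removed={"1.2.1"}))
```

The same logic works against the real `time` map returned by `https://registry.npmjs.org/<package>` if you fetch it; the key decision is that a version is judged by its age, not by its version number, so a malicious release that is pulled before the window expires is simply never seen.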
It’s kind of insane this doesn’t happen in the publish pipeline by default.
This is what serious software distribution platforms do. Developers may think that they are special and they would never install malware, but that's just not the case.