[$] Dependency-cooldown discussions warm up
Efforts to introduce malicious code into the open-source supply
chain have been on the rise in recent years, and there is no indication that they
will abate anytime soon. These attacks are often found quickly, but not quickly
enough to prevent the compromised code from being automatically injected into other
projects or code deployed by users where it can wreak havoc. One method of avoiding
supply-chain attacks is to add a delay of a few days before pulling updates in what
is known as a “dep …
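To make the idea concrete, here is an added example of a cooldown filter; it is not code from the article or from any of the tools it discusses. It assumes release metadata shaped like PyPI's JSON API "releases" map (version to a list of files with an upload_time_iso_8601 field), uses a constructed sample and a fixed clock so the run is reproducible, and treats a version as eligible only once its newest file is at least the cooldown age, so a freshly uploaded artifact for an old version has to wait too.

```python
"""Dependency-cooldown filter (added example, not from the LWN article).

Picks the newest version of a package whose files have all aged past a
cooldown window, skipping releases that are too fresh to have been
vetted by the community. Metadata shape follows PyPI's JSON API
"releases" field; the data below is constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: version -> list of uploaded files with ISO-8601 times.
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2025-09-01T10:00:00.000000Z"}],
    "1.4.1": [{"upload_time_iso_8601": "2025-10-20T08:30:00.000000Z"}],
    # Fresh release: exactly the kind a cooldown is meant to hold back.
    "1.5.0": [{"upload_time_iso_8601": "2025-10-29T07:15:00.000000Z"}],
}

# Fixed clock (assumption) so the example behaves the same on every run.
NOW = datetime(2025, 10, 31, 12, 0, tzinfo=timezone.utc)


def _version_key(version: str) -> tuple:
    """Sort key for plain dotted numeric versions such as 1.4.1."""
    return tuple(int(part) for part in version.split("."))


def _parse_upload_time(stamp: str) -> datetime:
    """Parse a PyPI-style timestamp; the trailing Z is spelled out for
    older Pythons whose fromisoformat() does not accept it."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def _newest_upload(files) -> datetime:
    """Age is measured from the NEWEST file of the release: adding a wheel
    to an existing version later must restart that version's cooldown."""
    return max(_parse_upload_time(f["upload_time_iso_8601"]) for f in files)


def aged_versions(releases: dict, cooldown_days: int, now: datetime = NOW) -> list:
    """Versions that have survived the cooldown, newest first."""
    cutoff = now - timedelta(days=cooldown_days)
    eligible = [
        version
        for version, files in releases.items()
        if files and _newest_upload(files) <= cutoff
    ]
    return sorted(eligible, key=_version_key, reverse=True)


def pick_version(releases: dict, cooldown_days: int, now: datetime = NOW):
    """Newest version past the cooldown, or None if nothing has aged enough."""
    eligible = aged_versions(releases, cooldown_days, now)
    return eligible[0] if eligible else None


if __name__ == "__main__":
    for days in (0, 7, 90):
        print(f"cooldown={days}d -> {pick_version(SAMPLE_RELEASES, days)}")
```

With a 7-day cooldown the filter selects 1.4.1 and holds back 1.5.0 until it has been public for a week; with no cooldown it takes 1.5.0 immediately, and with a window longer than the whole history it returns None, which a lockfile updater should treat as "keep the pinned version" rather than as an error. Renovate exposes the same idea as its minimumReleaseAge setting.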