https://github.com/ChALkeR/notes/blob/master/Gathering-weak-...
- node ships with npm
- npm has a high number of dependencies
- npm does not implement good practices around authentication.
Can someone compromise npm itself? Probably, according to that article.