"What happens if malicious code is uploaded to npm under these names? Is it possible that some of PayPal’s internal projects will start defaulting to the new public packages instead of the private ones?"

"For instance, the main culprit of Python dependency confusion appears to be the incorrect usage of an “insecure by design” command line argument called --extra-index-url."

· · Web · 1 · 2 · 0
Sign in to participate in the conversation
Social feed

This is a personal and private instance.