thepill·8 か月前·議論How do you test your projects if there are any infected/affected dependencies used? As i understand it could also be a dependency of a dependency ... that could be affected?
thepill·9 か月前·議論I recently learned about https://garagehq.deuxfleurs.fr/ but i have no expirience using it
thepill·10 か月前·議論I understand the problem mentioned with mcp servers but this kind of attack could happen to any external dependency (like a smtp package) i guess
thepill·11 か月前·議論The same thing that happend to grafana?https://grafana.com/blog/2025/05/15/grafana-security-update-...