Question for the devs in here...something I've been thinking about a lot recently. So I see that OP linked out to a public github repo...but when downloading the actual bundle, what's a quick way for me to determine that what I'm installing on my mac is actually the same as what's in the public repo? It's always seemed like a loophole to me ready for (potential) exploitation.
>> Ship project.
>> Link out Github repo on the static site somewhere
>> Gain trust instantly as users presume the public repo is what's used behind the scenes
Disclaimer: I'm a web dev and don't know a single thing about native MacOS software
I'm relatively new to the world of node. Is there anything objectively wrong or should I say nefarious with that this Jon person is doing? I guess, what's the issue here, from your perspective, if he's creating package (that albeit are simple) but some some amount of utility?
I am VERY curious to see how this recursion plays out, but I'm seeing the below error.
RuntimeError: This app has encountered an error. The original error message is redacted to prevent data leaks. Full error details have been recorded in the logs (if you're on Streamlit Cloud, click on 'Manage app' in the lower right of your app).