HackerTrans
热门最新趋势评论往期问答秀出招聘

codedrift_

no profile record

评论

codedrift_
·10个月前·讨论
> To achieve this, we require that packages are built on a trusted CI/CD platform

Given what happened with NX [1], I'm hoping GitHub Actions disallows certain types of commands in their YAML. Otherwise we still have a straightforward way to attach provenance to malicious code. =\

1: https://x.com/adnanthekhan/status/1958722939534417989