• wolf@lemmy.zip
    7 months ago

    Agreed. I am speaking more ‘in general’; for example, there was a supply chain attack on a widely used npm package by writing an email to the author of the npm package. There are other ‘cheap’ attacks like dependency confusion, typosquatting, etc.