Sure, in a true supply chain attack, you wouldn’t be able to trust npm or github or whatever, but at least you wouldn’t be compromised immediately.
And even outside of security concerns, why would you ever allow someone else to deploy code to your site without testing it first?