Dependencies are a huge supply chain security risk; the more of them you have, and the more often you update, the bigger the attack surface.
  • earthworm@sh.itjust.worksEnglish
    14·
    6 days ago

    The careful reader may note that my title is not quite accurate. It’s not every dependency you add that’s a problem; it’s every dependency you update.

    Why not put that in the title, Mr. Hoyt?