Scary exploit. TODO:
‣ No secrets in env files
‣ Restrict sudo/SSH key access
‣ Block same-day dependency upgrades or exotic transitive dependencies
‣ Block GH workflow runs for external contributors
‣ Npm ecosystem continues to be a dumpster fire
www.youtube.com/watch...
Fireship
Alexandru Nedelcu