On Fri, Nov 25, 2022 at 12:38:01PM +0100, Mario Marietto wrote: > Why not ? Think about this : you can put the malicious code where there is > the lowest chance for someone to look.
And then, you can tie your shoes the wrong way, topple and fall. Well, duh. All that rambling is pretty useless if you don't go /look/ what is out there. Yes, source code injection is a thing. It seems to happen every other week in node.js; nowadays PyPI seems also to be active in that department. If you care about your results, better find ways of, well, auditing your code. Cheers -- t
signature.asc
Description: PGP signature
