good first issuehelp wantedtask
Métriques du dépôt
- Stars
- (4 876 stars)
- Métriques de merge PR
- (Merge moyen 6j 11h) (25 PRs mergées en 30 j)
Description
I think we've all had this in mind for quite a while but this was a direct reminder (widely used npm package with newly injected malicious code):
https://github.com/dominictarr/event-stream/issues/116
I don't think we should worry about auditing every single of our dependencies and Rust does a good job at protecting us from some of these attacks. At this stage I'm also not too worried about crates.io getting hacked. But I do think we should at least make sure every single of our dependency is pinned to a specific version.