Even the most hardcore GNU supporters don't think Microsoft would add a supply c... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		AmbroseBierce 13 days ago \| parent \| context \| favorite \| on: GitLab discovers widespread NPM supply chain attac... Even the most hardcore GNU supporters don't think Microsoft would add a supply chain attack to such initiative, or that their software security is worse than the average NPM (popular) package maintainer.

nottorp 12 days ago [–]

Just the lock in and telemetry are dangerous :)

And they're company policy as opposed to honest mistakes like security vulns.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact