Perhaps -- but not "definitely". It depends on what the frequency of each of those things is.
So far IIUC the frequency of critical projects being removed from PyPI is 1 (in the space of a few days - although it came back), and account takeover of critical projects for malware publishing is 0 (in the space of many years).