Mastodon Feed: Post

baldur@toot.cafe ("Baldur Bjarnason") wrote:

RE: https://infosec.exchange/@agreenberg/116612806345022171

People have been warning for years that VS Code extensions, npm, GitHub Actions and similar systems were all insecure as designed. Add to that a pervasive monoculture and slop automation and we're in a disaster that simply didn't need to happen. npm could have been safer by default. GitHub Actions could have been better designed. VS Code could have sandboxed extensions better.