Transitive check for pre-post install scripts #215
Hello Team, For ex: As an attacker I would create package X, without any pre/post install scripts, but I define that package X also depends on package Y (which is also created by me/attacker) and this package Y actually contains the malicious pre/post scripts. Does So I, as an attacker, would try to define two packages to bypass the pre/post install check. Please advise.
Replies: 1 comment
Unfortunately, I didn't get to implement that in transitive dependencies, only in the direct package you install. Happy to receive and merge a PR to add this capability if you're planning to work on that 🙏🏽
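
A sketch of the transitive check discussed in this thread, as an added example that is not part of the discussion or the project's code: it walks the `dependencies` graph from a root package and reports every package that declares an install-time lifecycle script, along with the path that pulls it in. `findInstallScripts`, `sampleRegistry` and the package names are assumptions; the manifests are constructed in memory, only `dependencies` is followed, and version ranges are not resolved.

```javascript
// npm lifecycle scripts that run when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed sample data standing in for registry metadata:
// package-x is clean, but it depends on package-y, which is not.
const sampleRegistry = {
  "package-x": { dependencies: { "package-y": "^1.0.0", "left-util": "^2.0.0" } },
  "package-y": {
    scripts: { postinstall: "node setup.js" },
    dependencies: { "package-x": "^1.0.0" }, // cycle back to the root
  },
  "left-util": { scripts: { test: "node test.js" } }, // not an install hook
};

// Hypothetical helper: breadth-first walk over the dependency graph.
// Returns one finding per package that declares an install hook, plus one
// per dependency whose manifest is missing (reported, not silently skipped).
function findInstallScripts(root, registry) {
  const findings = [];
  const seen = new Set([root]);
  const queue = [[root]]; // each entry is the path from the root to a package
  while (queue.length > 0) {
    const path = queue.shift();
    const name = path[path.length - 1];
    const manifest = registry[name];
    if (!manifest) {
      findings.push({ name, path, hooks: [], unresolved: true });
      continue;
    }
    const scripts = manifest.scripts || {};
    const hooks = INSTALL_HOOKS.filter((hook) => hook in scripts);
    if (hooks.length > 0) findings.push({ name, path, hooks, unresolved: false });
    for (const dep of Object.keys(manifest.dependencies || {})) {
      if (seen.has(dep)) continue; // already visited, also breaks cycles
      seen.add(dep);
      queue.push([...path, dep]);
    }
  }
  return findings;
}

for (const f of findInstallScripts("package-x", sampleRegistry)) {
  const detail = f.unresolved ? "manifest not found" : f.hooks.join(", ");
  console.log(`${f.path.join(" > ")}: ${detail}`);
}
```
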