No no no, I should be using dependency cooldowns. You all should be finding the vulnerabilities and getting them fixed before they reach me.
I don't get your point. In most examples cited in the article, the supply chain attacks were found either by security researchers or maintainers realizing they did not intentionally push compromised version, not by everyday developers. The goal of dependency cooldowns is to give researchers and maintainers more time to detect attacks before they reach end-users.
It's a joke, not a real point, don't worry.
If we all use them, won't attackers switch to waiting an extra week before attempting to activate their attacks? This feels similar to antibiotics resistance in bacteria coming from over use of antibiotics.
Yes they could, but most importantly it gives more time for researchers and maintainers to detect attacks and fix them before they reach end-users.
Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development
Web development is the process of creating websites or web applications
Some webdev blogs
Not sure what to post in here? Want some web development related things to read?
Heres a couple blogs that have web development related content