15 votes

What happens when packages go bad?

1 comment

  1. cfabbro
    CSP doesn't prevent a coin miner using the user's CPU, it just prevents the attacker profiting from it.

    At least that's something, I guess. And his conclusion is also pretty depressing to read. Auditing every single package you rely on seems completely unrealistic these days given everything's increasing complexity.

    I don't really have answers, just worries. Anyway, sleep well!

    LOL, thanks.

    p.s. "Unfortunately Safari & Edge don't support Clear-Site-Data"

    Clear-Site-Data is only a working draft right now, so it's not really surprising Safari/WebKit and Edge don't support it yet. Even when standards do get formally recommended, those two tend to lag behind everyone else in implementing them. Chrome, Opera and Firefox already support it as an experimental feature based on the working draft, though.

    4 votes