Npm Slop & Wonky Software Supply Chains
6 points by rnb37
Conda-Forge actually will have source for everything, and since the packages are built by Conda-Forge infrastructure you don't need to trust Joe Random's CI job. But you do of course need to trust a centralized build infrastructure.