You’re auditing the wrong end of your WordPress supply chain
npm has lockfiles, provenance, and signed publishes. WordPress auto-update applies whatever the maintainer pushes, whenever they push it…