Follow

does node-pre-gyp (used by sqlite3 to download precompiled binaries) do hash verification?

if i were the nsa/cia and wanted to backdoor infrastructure, i'd have a thing built into s3 (cia is a large aws customer, mind you) that allows me to selectively serve backdoored binaries into node process space via the mapbox-node-binary bucket.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!