• Amju Wolf@pawb.social
    link
    fedilink
    English
    arrow-up
    31
    ·
    9 months ago

    Packages or dependencies with only one maintainer that are this popular have always been an issue, and not just a security one.

    What happens when that person can’t afford to or doesn’t want to run the project anymore? What if they become malicious? What if they sell out? Etc.