In particular, the @slack/bolt dependency does a huge amount of our security legwork. Is there more we can do to verify that we have the genuine article from NPM, and not something that has been compromised?
One possibility might be cloning the Bolt repo and pulling into Charlie from that. Then we could update Bolt periodically from upstream, but since we'd be taking NPM out of the equation, we wouldn't have that to worry about.
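Added example, not part of the original issue or the project's own code: a Node.js check that the tarball for `@slack/bolt` matches the `integrity` hash pinned in `package-lock.json` and that the entry resolves to the npm registry over HTTPS. The lockfile entry, version string and tarball bytes are constructed, and `sri` and `checkLockEntry` are hypothetical helpers.

```javascript
const crypto = require('node:crypto');
const TRUSTED_HOST = 'registry.npmjs.org'; // assumption: the only registry in use

// Compute an SRI string ("sha512-<base64>") over raw bytes.
function sri(bytes) {
  return `sha512-${crypto.createHash('sha512').update(bytes).digest('base64')}`;
}

// Return a list of problems for one dependency (lockfileVersion 2/3 layout).
// An empty list means the tarball is byte-for-byte what the lockfile pinned.
function checkLockEntry(lock, name, tarball) {
  const entry = lock.packages && lock.packages[`node_modules/${name}`];
  if (!entry) return [`${name}: no entry in lockfile`];
  const problems = [];
  let url = null;
  try { url = new URL(entry.resolved); } catch { /* missing or malformed URL */ }
  if (!url || url.protocol !== 'https:' || url.host !== TRUSTED_HOST) {
    problems.push(`${name}: resolved is not https://${TRUSTED_HOST}/...`);
  }
  // integrity may hold several space-separated hashes; insist on sha512.
  const pinned = String(entry.integrity || '').split(/\s+/)
    .find((h) => h.startsWith('sha512-'));
  if (!pinned) {
    problems.push(`${name}: no sha512 integrity value pinned`);
  } else {
    const want = Buffer.from(pinned.slice('sha512-'.length), 'base64');
    const got = crypto.createHash('sha512').update(tarball).digest();
    if (want.length !== got.length || !crypto.timingSafeEqual(want, got)) {
      problems.push(`${name}: tarball does not match pinned integrity`);
    }
  }
  return problems;
}

// Constructed sample data: stand-in bytes, not a real @slack/bolt release.
const sampleTarball = Buffer.from('constructed stand-in for bolt tarball bytes');
const sampleLock = {
  packages: {
    'node_modules/@slack/bolt': {
      resolved: 'https://registry.npmjs.org/@slack/bolt/-/bolt-0.0.0-example.tgz',
      integrity: sri(sampleTarball),
    },
  },
};

console.log(checkLockEntry(sampleLock, '@slack/bolt', sampleTarball));
console.log(checkLockEntry(sampleLock, '@slack/bolt', Buffer.from('tampered')));
```

A passing check shows only that the bytes are the ones recorded when the lockfile was written; it says nothing about whether that release was trustworthy at the time it was pinned.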