The problem is that no one reviews what goes in the package registries. Unless someone spots the security issue, it goes unnoticed and unfixed. This is particularly true with new and not very popular packages.
To be fair to the author, though, this package won't take more than a couple of hours to review quickly for potential back doors, and if you just want one data structure, it's at most in 3 files.