Tipewryter | 4 years ago

That is a very broad question. Can you mention a specific attack vector? Then I might be able to explain how I do or do not avoid it.
ed_balls | 4 years ago

The link describes the attack vector. pipenv locks the dependencies using a hash. If your company has my-company-py-lib, then pip could install a public library that pretends to be internal.
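
As an added example (not part of the thread and not pipenv's own code): a small audit of a Pipfile.lock that checks the two things the comment above turns on, that every package has locked hashes and that internal-looking names were resolved from the internal index. The sample lock file, the `my-company-` prefix rule, the `internal` source name and its URL are constructed assumptions, as is the presence of an `index` key on each entry.

```python
import json

# Constructed sample Pipfile.lock (not from the thread); hashes are placeholders.
SAMPLE_LOCK = json.dumps({
    "_meta": {"sources": [
        {"name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": True},
        {"name": "internal", "url": "https://pypi.internal.example/simple",
         "verify_ssl": True},
    ]},
    "default": {
        "requests": {"version": "==2.25.1", "index": "pypi",
                     "hashes": ["sha256:" + "a" * 64]},
        # Internal name, but locked from the public index: the hash now pins
        # whatever the public index served at lock time.
        "my-company-py-lib": {"version": "==1.4.0", "index": "pypi",
                              "hashes": ["sha256:" + "b" * 64]},
        "my-company-auth": {"version": "==0.9.2", "index": "internal",
                            "hashes": []},
    },
    "develop": {},
})

def audit_lock(lock_text, internal_prefix="my-company-", internal_index="internal"):
    """Return (package, problem) findings for a Pipfile.lock document."""
    lock = json.loads(lock_text)
    sources = {s["name"] for s in lock.get("_meta", {}).get("sources", [])}
    findings = []
    for section in ("default", "develop"):
        for name, entry in sorted(lock.get(section, {}).items()):
            hashes = entry.get("hashes", [])
            if not hashes or not all(h.startswith("sha256:") for h in hashes):
                findings.append((name, "no sha256 hashes locked"))
            if not entry.get("version", "").startswith("=="):
                findings.append((name, "version not pinned exactly"))
            index = entry.get("index")
            if name.startswith(internal_prefix) and index != internal_index:
                findings.append((name, f"internal name resolved from index {index!r}"))
            elif index is not None and index not in sources:
                findings.append((name, f"unknown index {index!r}"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_lock(SAMPLE_LOCK):
        print(f"{name}: {problem}")
```

A hash only fixes the artifact that was chosen when the lock file was generated, so the index check matters as much as the hash check.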