Jiahan Chen
@jiahan_c
Creator of Rstack & Rsbuild & Vant / Rspack team lead @rspack_dev / SWC & Module Federation contributor
960 Following 2.6K Followers
Today's two supply chain incidents are likely connected:
1. `actions-cool/issues-helper` was compromised
2. AntV was compromised shortly after
I noticed AntV was using `actions-cool/issues-helper@main` in GitHub Actions.
Rspack was not affected because we pin Actions to commit ids via renovate's `pinGitHubActionDigests`.
Strongly recommend enabling it.
Show more
