Articles

Field notes on the code you didn't write.

Supply-chain incidents, the runtime behaviors that give a malicious dependency away, and why install-time has become the frontline for npm and PyPI.