Both this repo and https://github.com/facebook/install-dotslash uses mutable GitHub releases currently, which allow maintainers to change a release after it's been published (including creating/modifying/deleting release assets).
This is a supply chain risk for anyone using these repos' releases.
Please enable immutable releases on these repos and publish a new release.
Both this repo and https://github.com/facebook/install-dotslash uses mutable GitHub releases currently, which allow maintainers to change a release after it's been published (including creating/modifying/deleting release assets).
This is a supply chain risk for anyone using these repos' releases.
Please enable immutable releases on these repos and publish a new release.