tasks.json is the problem here, who thought that was a good idea? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bethekidyouwant 18 days ago \| parent \| context \| favorite \| on: Threat actors expand abuse of Microsoft Visual Stu... tasks.json is the problem here, who thought that was a good idea?

paul_h 18 days ago [–]

Agree. But the first build you do after that clone/checkout is risky too. Maybe not as wide open, as the build-tool makers are a line of defence if they're acting on classes of vuln.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact