DepSec Daily
Dependency & AI-agent security — practical notes, daily.

Complete checklist

extended edition

Full current guidance for Installing Vite securely: supply-chain notes for your build tooling:

  • Re-verify provenance on every version bump, not just first install.
  • Keep an allowlist of trusted publishers and pin to it.
  • Log and review all tool/dependency changes in CI.
  • Prefer signed releases and reproducible builds where available.