Tom Morris on Nostr: Today in weird discoveries - WebJars. It's a way for JVM web apps to specify ...
Today in weird discoveries - WebJars. It's a way for JVM web apps to specify front-end dependencies in Maven-compatible build tools and have JS assets pulled in.
The fun bit though: the "binary" JAR on Maven Central contains the JS code, but the source JARs don't - the SHA1/MD5 hashes (I know...) produced by Maven are the same because they're all hashed from an identical empty JAR.
This is a funsize headache if you're trying to beef up software supply chain security.
https://www.webjars.org
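An added example, not part of the original post: a check that flags `-sources` JARs carrying no payload and groups artifacts whose source JARs are byte-identical, which is the condition the post describes. The coordinates, the `make_jar` helper and the sample JARs are constructed for illustration; SHA-256 is used here instead of the SHA1/MD5 checksums the post mentions.

```python
import hashlib
import io
import zipfile
from collections import defaultdict

MANIFEST = b"Manifest-Version: 1.0\r\n\r\n"

def make_jar(entries):
    """Build a JAR in memory with fixed timestamps so identical input gives identical bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()

def payload_entries(jar_bytes):
    """Entry names that are neither directories nor META-INF metadata."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return [n for n in zf.namelist()
                if not n.endswith("/") and not n.upper().startswith("META-INF/")]

def audit_sources(jars):
    """jars maps coordinate -> sources-JAR bytes. Returns (empty, shared).

    empty:  coordinates whose sources JAR holds no payload at all.
    shared: groups of distinct coordinates whose sources JARs hash identically,
            so the checksum says nothing about which artifact it belongs to.
    """
    empty = sorted(c for c, data in jars.items() if not payload_entries(data))
    by_hash = defaultdict(list)
    for coord, data in jars.items():
        by_hash[hashlib.sha256(data).hexdigest()].append(coord)
    shared = sorted(sorted(group) for group in by_hash.values() if len(group) > 1)
    return empty, shared

# Constructed sample: two manifest-only sources JARs and one with real content.
SAMPLE = {
    "org.example:lib-a:1.0": make_jar({"META-INF/MANIFEST.MF": MANIFEST}),
    "org.example:lib-b:2.0": make_jar({"META-INF/MANIFEST.MF": MANIFEST}),
    "org.example:lib-c:3.0": make_jar({"META-INF/MANIFEST.MF": MANIFEST,
                                       "src/app.js": b"console.log(1);\n"}),
}

if __name__ == "__main__":
    empty, shared = audit_sources(SAMPLE)
    print("empty sources JARs:", empty)
    print("identical across artifacts:", shared)
```
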