trust

Every Dependency Is a Decision You Didn't Make

Your lockfile is hundreds of trust relationships nobody negotiated. The highest-profile supply chain attacks of the last decade exploited trust, not code — and no scanner caught any of them in time.