Capslock: What is your code really capable of?
https://security.googleblog.com/2023/09/capslock-what-is-your-code-really.html [security.googleblog.com]
2023-09-17 02:39
Avoiding bad dependencies can be hard without appropriate information on what the dependency’s code actually does, and reviewing every line of that code is an immense task. Every dependency also brings its own dependencies, compounding the need for review across an expanding web of transitive dependencies. But what if there was an easy way to know the capabilities–the privileged operations accessed by the code–of your dependencies?
source: L