Thanks for staying on top of this! It got me thinking…
It’d be nice to build some security vulnerability reporting features into
Perhaps a package author could flag a particular version as containing a vulnerability, and then when running commands like
mix deps.get, we’d get a warning about that vulnerability.
I think that could help the ecosystem as a whole stay on top of security issues as Elixir grows.